diff --git a/.github/renovate-config.js b/.github/renovate-config.js index dc51ad0a1cb8..15aed33a1e75 100644 --- a/.github/renovate-config.js +++ b/.github/renovate-config.js @@ -36,7 +36,7 @@ module.exports = { ignoreScripts: false, gitAuthor: 'Renovate Bot (self-hosted) ', platform: 'github', - repositories: [ 'Automattic/jetpack' ], + repositories: [ 'anomiex/jetpack' ], // Extra code to run before creating a commit. allowedCommands: [ monorepoBase + '.github/files/renovate-post-upgrade-run.sh' ], diff --git a/.github/renovate.json5 b/.github/renovate.json5 index fb36d0f0a4ee..053e68e0b54b 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -176,5 +176,5 @@ }, dependencyDashboardTitle: 'Renovate Dependency Updates', dependencyDashboardLabels: [ 'Primary Issue', '[Type] Janitorial' ], - dependencyDashboardFooter: 'The bot runs every two hours, and may be monitored or triggered ahead of schedule [here](https://github.com/Automattic/jetpack/actions/workflows/renovate.yml).', + dependencyDashboardFooter: 'The bot runs every two hours, and may be monitored or triggered ahead of schedule [here](https://github.com/anomiex/jetpack/actions/workflows/renovate.yml).', } diff --git a/.github/workflows/autotagger.yml b/.github/workflows/autotagger.yml deleted file mode 100644 index 97995be3939e..000000000000 --- a/.github/workflows/autotagger.yml +++ /dev/null @@ -1,129 +0,0 @@ -name: Monorepo Auto-tagger - -on: - push: - branches: - - trunk - - prerelease - - '*/branch-*' - -jobs: - tag: - name: Tag - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Fetch tags, shallowly and blobless - run: | - git fetch --depth=1 --filter=blob:none origin 'refs/tags/*:refs/tags/*' - - - name: Determine needed tags - id: get-tags - run: | - REF=${GITHUB_REF#refs/heads/} - if [[ "$REF" == */branch-* ]]; then - PROJECTS="$(jq -r --arg P "${REF%%/branch-*}" '.extra["release-branch-prefix"] | if type == "array" then . else [ . ] end | if index( $P ) then input_filename | match( "^projects/([^/]+/[^/]+)/composer.json$" ).captures[0].string else empty end' projects/*/*/composer.json)" - if [[ -n "$PROJECTS" ]]; then - echo "Branch $REF seems to be a release branch, checking matching projects." - else - echo "::notice::Branch $REF seems to be a release branch, but nothing uses that prefix so not checking any projects." - echo "any=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - else - PROJECTS="$(jq -r 'if .extra["release-branch-prefix"] then empty else input_filename | match( "^projects/([^/]+/[^/]+)/composer.json$" ).captures[0].string end' projects/*/*/composer.json)" - if [[ -n "$PROJECTS" ]]; then - echo "Branch $REF is not a release branch, checking only projects without a release-branch-prefix." - else - echo "::notice::Branch $REF is not a release branch, but somehow no projects lack a release-branch-prefix?" - echo "any=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - fi - - TAGS=() - while IFS= read -r SLUG; do - echo "Checking $SLUG..." - cd "$GITHUB_WORKSPACE/projects/$SLUG" - - CHANGES_DIR=$(jq -r '.extra.changelogger["changes-dir"] // "changelog"' composer.json) - if [[ ! -d "$CHANGES_DIR" || -n "$(ls -- "$CHANGES_DIR")" ]]; then - echo " Project $SLUG has changes in projects/$SLUG/$CHANGES_DIR/, not tagging." - continue - fi - - VER=$(sed -nEe 's/^## \[?([^]]*)\]? - .*/\1/;T;p;q' CHANGELOG.md || true) - echo " Version from changelog is ${VER:-}" - if [[ "$VER" =~ ^[0-9]+(\.[0-9]+)+$ ]]; then - if [[ -n "$( git tag -l "$SLUG@$VER" )" ]]; then - echo " Version $VER is already tagged" - else - echo " Version $VER ok to tag" - TAGS+=( "$SLUG@$VER" ) - fi - else - echo " Not tagging version $VER" - fi - done <<<"$PROJECTS" - - if [[ ${#TAGS[@]} -eq 0 ]]; then - echo "::notice::Nothing to tag." - echo "any=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - - printf "%s\n" "${TAGS[@]}" > "$GITHUB_WORKSPACE/to-tag.txt" - echo "any=true" >> "$GITHUB_OUTPUT" - - - name: Wait for prior instances of the workflow to finish - if: steps.get-tags.outputs.any == 'true' - uses: ./.github/actions/turnstile - with: - # Tagging should be reasonably quick, so poll more frequently. - poll-interval: 15 - - - name: Fetch tags, shallowly and blobless - if: steps.get-tags.outputs.any == 'true' - run: | - git fetch --force --depth=1 --filter=blob:none origin 'refs/tags/*:refs/tags/*' - - - name: Tag projects - if: steps.get-tags.outputs.any == 'true' - run: | - export GIT_AUTHOR_NAME=matticbot - export GIT_AUTHOR_EMAIL=matticbot@users.noreply.github.com - export GIT_COMMITTER_NAME=matticbot - export GIT_COMMITTER_EMAIL=matticbot@users.noreply.github.com - - EXIT=0 - echo "Creating tags..." - TOPUSH=() - while IFS= read -r T; do - if git tag "$T"; then - TOPUSH+=( "$T" ) - fi - done < "$GITHUB_WORKSPACE/to-tag.txt" - - if [[ ${#TOPUSH[@]} -gt 0 ]]; then - echo "Pushing tags..." - # GitHub has a limit on the number of tags that can be updated in a single push. So do them in batches. - # See https://github.blog/changelog/2022-06-15-block-potentially-destructive-git-pushes/ - DONE=() - while [[ ${#TOPUSH[@]} -gt 0 ]]; do - BATCH=( "${TOPUSH[@]:0:5}" ) - if git push origin "${BATCH[@]}"; then - DONE+=( "${BATCH[@]}" ) - else - echo "::error::Failed to create tags: ${BATCH[*]}" - EXIT=1 - fi - TOPUSH=( "${TOPUSH[@]:5}" ) - done - if [[ ${#DONE[@]} -gt 0 ]]; then - echo "::notice::Created tags: ${DONE[*]}" - fi - else - echo "::notice::No tags needed creation." - fi - exit $EXIT diff --git a/.github/workflows/build-docker-monorepo.yml b/.github/workflows/build-docker-monorepo.yml deleted file mode 100644 index 2ee0b83e515f..000000000000 --- a/.github/workflows/build-docker-monorepo.yml +++ /dev/null @@ -1,202 +0,0 @@ -name: Build Monorepo Docker -on: - push: - branches: [ 'trunk' ] - paths: - - 'tools/docker/Dockerfile.monorepo' - - 'tools/docker/bin/monorepo' - - '.github/versions.sh' - - '.github/workflows/build-docker-monorepo.yml' - pull_request: - paths: - - 'tools/docker/Dockerfile.monorepo' - - 'tools/docker/bin/monorepo' - - '.github/versions.sh' - - '.github/workflows/build-docker-monorepo.yml' -concurrency: - group: build-docker-monorepo-${{ github.event_name }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - prepare: - name: Prepare - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 5 # 2025-03-04: Takes just a few seconds. - outputs: - php-version: ${{ steps.buildargs.outputs.php-version }} - composer-version: ${{ steps.buildargs.outputs.composer-version }} - node-version: ${{ steps.buildargs.outputs.node-version }} - pnpm-version: ${{ steps.buildargs.outputs.pnpm-version }} - labels: ${{ steps.buildargs.outputs.labels }} - tags: ${{ steps.buildargs.outputs.tags }} - images: ${{ steps.buildargs.outputs.images }} - - steps: - - uses: actions/checkout@v4 - - - name: Fetch build args - id: buildargs - env: - LABELS: | - org.opencontainers.image.title=Jetpack Monorepo Environment - org.opencontainers.image.description=Environment for building and testing the Jetpack Monorepo. - org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}/blob/trunk/tools/docker/README.md - run: | - source .github/versions.sh - source .github/files/gh-funcs.sh - - gh_set_output php-version "$PHP_VERSION" - gh_set_output composer-version "$COMPOSER_VERSION" - gh_set_output node-version "$NODE_VERSION" - gh_set_output pnpm-version "$PNPM_VERSION" - gh_set_output labels "$LABELS" - - # We're not git-tagging for the env. Just tag all trunk builds as latest. - if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then - gh_set_output tags "type=raw,latest" - gh_set_output images $'automattic/jetpack-monorepo\nghcr.io/automattic/jetpack-monorepo' - elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then - gh_set_output tags "type=ref,event=pr" - gh_set_output images "ghcr.io/automattic/jetpack-monorepo" - else - echo "Unknown GITHUB_EVENT_NAME $GITHUB_EVENT_NAME" - exit 1 - fi - - build: - name: Build Jetpack Monorepo Environment (${{ matrix.platform }}) - runs-on: ${{ matrix.runner }} - needs: prepare - permissions: - packages: write - contents: read - timeout-minutes: 15 # 2025-03-04: Arm64 build takes about 5 minutes, amd64 build about 3. - strategy: - matrix: - include: - - runner: ubuntu-latest - platform: amd64 - - runner: ubuntu-24.04-arm - platform: arm64 - - steps: - - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - context: tools/docker - file: tools/docker/Dockerfile.monorepo - platforms: linux/${{ matrix.platform }} - # For push by digest, the "tags" are just the images. We tag later. - tags: ${{ needs.prepare.outputs.images }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - build-args: | - PHP_VERSION=${{ needs.prepare.outputs.php-version }} - COMPOSER_VERSION=${{ needs.prepare.outputs.composer-version }} - NODE_VERSION=${{ needs.prepare.outputs.node-version }} - PNPM_VERSION=${{ needs.prepare.outputs.pnpm-version }} - - - name: Export digest - env: - TEMP: ${{ runner.temp }} - DIGEST: ${{ steps.build.outputs.digest }} - run: | - mkdir -p "$TEMP/digests" - touch "$TEMP/digests/${DIGEST#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-linux-${{ matrix.platform }} - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - name: Merge and publish Jetpack Monorepo Environment - runs-on: ubuntu-latest - needs: [ prepare, build ] - permissions: - packages: write - contents: read - timeout-minutes: 5 # 2025-03-04: Merge takes less than a minute. - - steps: - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - tags: ${{ needs.prepare.outputs.tags }} - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools create $(jq -cr --arg IMG "$IMAGE" '.tags | map( select( startswith( $IMG + ":" ) ) | "-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf "$IMAGE@sha256:%s " *) - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) - - - name: Inspect image - env: - VERSION: ${{ steps.meta.outputs.version }} - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools inspect "$IMAGE:$VERSION" - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml deleted file mode 100644 index 50619d302aa9..000000000000 --- a/.github/workflows/build-docker.yml +++ /dev/null @@ -1,203 +0,0 @@ -name: Build Docker -on: - push: - branches: [ 'trunk' ] - paths: - - 'tools/docker/Dockerfile' - - 'tools/docker/bin/run.sh' - - 'tools/docker/config/*' - - '.github/versions.sh' - - '.github/workflows/build-docker.yml' - pull_request: - paths: - - 'tools/docker/Dockerfile' - - 'tools/docker/bin/run.sh' - - 'tools/docker/config/*' - - '.github/versions.sh' - - '.github/workflows/build-docker.yml' -concurrency: - group: build-docker-${{ github.event_name }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - prepare: - name: Prepare - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 5 # 2025-03-04: Takes just a few seconds. - outputs: - php-version: ${{ steps.buildargs.outputs.php-version }} - composer-version: ${{ steps.buildargs.outputs.composer-version }} - node-version: ${{ steps.buildargs.outputs.node-version }} - pnpm-version: ${{ steps.buildargs.outputs.pnpm-version }} - labels: ${{ steps.buildargs.outputs.labels }} - tags: ${{ steps.buildargs.outputs.tags }} - images: ${{ steps.buildargs.outputs.images }} - - steps: - - uses: actions/checkout@v4 - - - name: Fetch build args - id: buildargs - env: - LABELS: | - org.opencontainers.image.title=Jetpack Development Environment - org.opencontainers.image.description=Unified environment for developing in the Jetpack Monorepo using Docker containers. - org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}/blob/trunk/tools/docker/README.md - run: | - source .github/versions.sh - source .github/files/gh-funcs.sh - - gh_set_output php-version "$PHP_VERSION" - gh_set_output composer-version "$COMPOSER_VERSION" - gh_set_output node-version "$NODE_VERSION" - gh_set_output pnpm-version "$PNPM_VERSION" - gh_set_output labels "$LABELS" - - # We're not git-tagging for the env. Just tag all trunk builds as latest. - if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then - gh_set_output tags "type=raw,latest" - gh_set_output images $'automattic/jetpack-wordpress-dev\nghcr.io/automattic/jetpack-wordpress-dev' - elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then - gh_set_output tags "type=ref,event=pr" - gh_set_output images "ghcr.io/automattic/jetpack-wordpress-dev" - else - echo "Unknown GITHUB_EVENT_NAME $GITHUB_EVENT_NAME" - exit 1 - fi - - build: - name: Build Jetpack Dev Environment (${{ matrix.platform }}) - runs-on: ${{ matrix.runner }} - needs: prepare - permissions: - packages: write - contents: read - timeout-minutes: 15 # 2025-03-04: Arm64 build takes about 5 minutes, amd64 build about 3. - strategy: - matrix: - include: - - runner: ubuntu-latest - platform: amd64 - - runner: ubuntu-24.04-arm - platform: arm64 - - steps: - - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - context: tools/docker - platforms: linux/${{ matrix.platform }} - # For push by digest, the "tags" are just the images. We tag later. - tags: ${{ needs.prepare.outputs.images }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - build-args: | - PHP_VERSION=${{ needs.prepare.outputs.php-version }} - COMPOSER_VERSION=${{ needs.prepare.outputs.composer-version }} - NODE_VERSION=${{ needs.prepare.outputs.node-version }} - PNPM_VERSION=${{ needs.prepare.outputs.pnpm-version }} - - - name: Export digest - env: - TEMP: ${{ runner.temp }} - DIGEST: ${{ steps.build.outputs.digest }} - run: | - mkdir -p "$TEMP/digests" - touch "$TEMP/digests/${DIGEST#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-linux-${{ matrix.platform }} - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - name: Merge and publish Jetpack Dev Environment - runs-on: ubuntu-latest - needs: [ prepare, build ] - permissions: - packages: write - contents: read - timeout-minutes: 5 # 2025-03-04: Merge takes less than a minute. - - steps: - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - tags: ${{ needs.prepare.outputs.tags }} - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools create $(jq -cr --arg IMG "$IMAGE" '.tags | map( select( startswith( $IMG + ":" ) ) | "-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf "$IMAGE@sha256:%s " *) - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) - - - name: Inspect image - env: - VERSION: ${{ steps.meta.outputs.version }} - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools inspect "$IMAGE:$VERSION" - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 00e881f9797b..000000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,295 +0,0 @@ -name: Build -on: - push: - branches: - - 'trunk' - - 'prerelease' - # The `**/*/` works around the fact that GitHub considers a leading `**/` as meaning "zero or more path components" where we want "one or more". - - '**/*/branch-**' - pull_request: -concurrency: - # Cancel concurrent jobs on pull_request but not push, by including the run_id in the concurrency group for the latter. - group: build-${{ github.event_name == 'push' && github.run_id || 'pr' }}-${{ github.ref }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - -jobs: - build: - name: Build all projects - runs-on: ubuntu-latest - timeout-minutes: 30 # 2023-05-25: Build times have crept up to ~15–25+ minutes as we've added more projects, bump to 30. - env: - # Hard-code a specific directory to avoid paths in vendor/composer/installed.json changing every build. - BUILD_BASE: /tmp/jetpack-build - # This string is used as a unique identifier of test reminder comments on PRs. - TEST_COMMENT_INDICATOR: "" - outputs: - any_plugins: ${{ steps.plugins.outputs.any }} - changed_projects: ${{ steps.changed.outputs.projects }} - - steps: - - uses: actions/checkout@v4 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Pnpm install - run: pnpm install - - - name: Detect changed projects - id: changed - run: | - CHANGED="$(EXTRA=build .github/files/list-changed-projects.sh)" - echo "projects=${CHANGED}" >> "$GITHUB_OUTPUT" - - - name: Check if a WordPress.com test reminder comment is needed. - id: check-test-reminder-comment - uses: actions/github-script@v7 - if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }} - env: - CHANGED: ${{ steps.changed.outputs.projects }} - with: - script: | - const { checkTestPendingComment } = require('.github/files/build-reminder-comment/check-test-reminder-comment.js') - const data = await checkTestPendingComment( github, context, core ); - return data; - - # We need the tree (but not the blob) for packages that will have -alpha version numbers so the timestamp appending works right. - # We also need the tree for js-packages/social-logos/src/svg so the font build will work right. - - name: Deepen tree for packages - env: - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - mapfile -t PROJECTS < <(jq -r 'to_entries[] | select( .value ) | .key' <<<"$CHANGED") - if [[ ${#PROJECTS[@]} -gt 0 ]]; then - depth=$( git rev-list --count --first-parent HEAD ) - [[ "$depth" -lt 1000 ]] && depth=1000 - BASE=$PWD - REF=$(git rev-parse HEAD) - for SLUG in $(pnpm jetpack dependencies list --add-dependencies --extra="build" --ignore-root "${PROJECTS[@]}"); do - cd "$BASE/projects/$SLUG/" - if [[ "$SLUG" == packages/* ]]; then - SUBDIR=. - # Only deepen if it'll be a -alpha, i.e. it has changelog entries - CHANGES_DIR="$(jq -r '.extra.changelogger["changes-dir"] // "changelog"' composer.json)" - [[ -d "$CHANGES_DIR" && -n "$(ls -- "$CHANGES_DIR")" ]] || continue - elif [[ "$SLUG" == js-packages/social-logos ]]; then - SUBDIR=./src/svg - else - continue - fi - echo "Checking depth for $SLUG" - while git log --format='%h, %D,' -1 "$SUBDIR" | grep ', grafted,'; do - depth=$((depth * 2)) - echo "::group::Deepen to $depth" - echo "/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=$depth --filter=blob:none origin $REF" - /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=$depth --filter=blob:none origin "$REF" - echo "::endgroup::" - done - done - fi - - - name: Build changed projects - id: build - env: - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - mapfile -t PROJECTS < <(jq -r 'to_entries[] | select( .value ) | .key' <<<"$CHANGED") - if [[ ${#PROJECTS[@]} -eq 0 ]]; then - echo "Nothing to build. Generating empty artifact." - mkdir "$BUILD_BASE" - touch "$BUILD_BASE/mirrors.txt" - else - pnpm jetpack build -v --no-pnpm-install --for-mirrors="$BUILD_BASE" "${PROJECTS[@]}" - fi - - - name: Filter mirror list for release branch - if: github.ref == 'refs/heads/prerelease' || contains( github.ref, '/branch-' ) - run: .github/files/filter-mirrors-for-release-branch.sh - - - name: Determine plugins to publish - id: plugins - run: | - jq -r 'if .extra["mirror-repo"] and ( .extra["beta-plugin-slug"] // .extra["wp-plugin-slug"] ) then [ ( input_filename | sub( "/composer\\.json$"; "" ) ), .extra["mirror-repo"], .extra["beta-plugin-slug"] // .extra["wp-plugin-slug"] ] else empty end | @tsv' projects/plugins/*/composer.json | while IFS=$'\t' read -r SRC MIRROR SLUG; do - if [[ -e "$BUILD_BASE/$MIRROR" ]] && grep -q --fixed-strings --line-regexp "$MIRROR" "$BUILD_BASE/mirrors.txt"; then - printf '%s\t%s\t%s\n' "$SRC" "$MIRROR" "$SLUG" - fi - done > "$BUILD_BASE/plugins.tsv" - if [[ -s "$BUILD_BASE/plugins.tsv" ]]; then - cat "$BUILD_BASE/plugins.tsv" - echo "any=true" >> "$GITHUB_OUTPUT" - else - echo "No plugins were built" - echo "any=false" >> "$GITHUB_OUTPUT" - fi - - # GitHub's artifact stuff doesn't preserve permissions or file case. Sigh. - # This is the official workaround: https://github.com/actions/upload-artifact#maintaining-file-permissions-and-case-sensitive-files - # It'll also make it faster to upload and download though, so maybe it's a win anyway. - - name: Create archive - run: tar --owner=0 --group=0 --xz -cvvf build.tar.xz -C "$BUILD_BASE" --transform 's,^\.,build,' . - - - name: Store build as artifact - uses: actions/upload-artifact@v4 - with: - name: jetpack-build - path: build.tar.xz - # Retain trunk builds for 7 days so we can manually download for branch comparisons. Branch builds only need one day so the beta builder can slurp it up to distribute. - retention-days: ${{ github.ref == 'refs/heads/trunk' && 7 || 1 }} - # Already compressed. - compression-level: 0 - - - name: Store plugins.tsv as artifact - if: steps.plugins.outputs.any == 'true' - uses: actions/upload-artifact@v4 - with: - name: plugins.tsv - path: ${{ env.BUILD_BASE }}/plugins.tsv - # We don't really care about this artifact, its presence is a flag to the post-build job. - retention-days: 1 - - - name: Update reminder with testing instructions - id: update-reminder-comment - uses: actions/github-script@v7 - if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && fromJSON(steps.check-test-reminder-comment.outputs.result)['commentId'] != 0 }} - env: - BRANCH_NAME: ${{ github.head_ref }} - DATA: ${{ steps.check-test-reminder-comment.outputs.result }} - with: - script: | - const { checkTestReminderComment } = require('.github/files/build-reminder-comment/check-test-reminder-comment.js') - await checkTestReminderComment( github, context, core ); - - jetpack_beta: - name: Create artifact for Jetpack Beta plugin - runs-on: ubuntu-latest - needs: build - if: needs.build.outputs.any_plugins == 'true' - timeout-minutes: 10 # 2021-06-24: Successful runs should take just a few seconds now. But sometimes the upload is slow. - steps: - - uses: actions/checkout@v4 - with: - path: monorepo - - - name: Download build artifact - uses: actions/download-artifact@v4 - with: - name: jetpack-build - - name: Extract build archive - run: tar --xz -xvvf build.tar.xz build - - - name: Prepare plugin zips - id: prepare - env: - SHA: ${{ github.event.pull_request.head.sha || github.sha }} - run: | - mkdir work - mkdir zips - - # Current version must compare greather than any previously used current version for this PR. - # Assume GH run IDs are monotonic. - VERSUFFIX="${GITHUB_RUN_ID}-g${SHA:0:8}" - - ANY_BUILT=false - - while IFS=$'\t' read -r SRC MIRROR SLUG; do - echo "::group::$MIRROR (src=$SRC slug=$SLUG)" - - if [[ ! -e "build/$MIRROR" ]]; then - echo "Plugin was not built, skipping." - echo "::endgroup::" - continue - fi - - if ! grep -q --fixed-strings --line-regexp "$MIRROR" build/mirrors.txt; then - echo "Plugin is not being mirrored in this build, skipping." - echo "::endgroup::" - continue - fi - - # The Jetpack Beta Tester plugin needs the base directory name to be like "${SLUG}-dev", so copy it over. - mv "build/$MIRROR" "work/${SLUG}-dev" - - # Copy testing docs that are not included in the mirror. - if [[ -e "$SRC/to-test.md" ]]; then - cp "$SRC/to-test.md" "work/${SLUG}-dev/" - fi - - # Extract and update version. - CURRENT_VERSION=$(monorepo/tools/plugin-version.sh "work/${SLUG}-dev/")-$VERSUFFIX - echo "Using version $CURRENT_VERSION" - echo "$CURRENT_VERSION" > "work/${SLUG}-dev/version.txt" - # Don't use plugin-version.sh here, updating JETPACK__VERSION would clutter stats. - sed -i -e 's/Version: .*$/Version: '"$CURRENT_VERSION"'/' "work/${SLUG}-dev"/*.php - - # Remove .github directory. - rm -rf "work/${SLUG}-dev/.github" - - # Zip the plugin - ( cd work && zip -9 -r "../zips/${SLUG}-dev.zip" "${SLUG}-dev" ) - - ANY_BUILT=true - - echo "::endgroup::" - done < build/plugins.tsv - if ! $ANY_BUILT; then - echo "No plugins were built" - fi - echo "any-built=$ANY_BUILT" >> "$GITHUB_OUTPUT" - - - name: Create plugins artifact - uses: actions/upload-artifact@v4 - if: steps.prepare.outputs.any-built == 'true' - with: - name: plugins - path: zips - # Only need to retain for a day since the beta builder slurps it up to distribute. - retention-days: 1 - # Already compressed. - compression-level: 0 - - update_mirrors: - name: Push to mirror repos - runs-on: ubuntu-latest - needs: build - - if: github.event_name == 'push' && github.repository == 'Automattic/jetpack' - - # Not setting a job-level timeout because it would be kind of pointless with the blocking step. Set a step timeout for all other steps instead. - steps: - - uses: actions/checkout@v4 - with: - path: monorepo - timeout-minutes: 1 # 2021-01-18: Successful runs seem to take a few seconds - - - name: Download build artifact - uses: actions/download-artifact@v4 - with: - name: jetpack-build - timeout-minutes: 2 # 2022-03-15: Successful runs normally take a few seconds, but on occasion they've been taking 60+ recently. - - name: Extract build archive - run: tar --xz -xvvf build.tar.xz build - timeout-minutes: 1 # 2021-01-18: Successful runs seem to take a few seconds - - - name: Wait for prior instances of the workflow to finish - uses: ./monorepo/.github/actions/turnstile - - - name: Push changed projects - uses: ./monorepo/projects/github-actions/push-to-mirrors - with: - source-directory: ${{ github.workspace }}/monorepo - token: ${{ secrets.API_TOKEN_GITHUB }} - upstream-ref-since: '2024-04-10' # No point in checking 12 years of earlier commits from before we started adding "Upstream-Ref". - username: matticbot - working-directory: ${{ github.workspace }}/build - timeout-minutes: 10 # 2024-04-11: Successful runs seem to take about a minute. diff --git a/.github/workflows/check-actions-rate-limit.yml b/.github/workflows/check-actions-rate-limit.yml deleted file mode 100644 index 6aa949eda55a..000000000000 --- a/.github/workflows/check-actions-rate-limit.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Check Actions rate limit -on: - workflow_dispatch: - -jobs: - check: - name: Check Actions rate limit - runs-on: ubuntu-latest - steps: - - name: Check rate limit - env: - TOKEN: ${{ github.token }} - run: | - curl -v --no-progress-meter --header "Authorization: Bearer $TOKEN" https://api.github.com/rate_limit diff --git a/.github/workflows/coverage-check.yml b/.github/workflows/coverage-check.yml deleted file mode 100644 index 1b1ba7d7e3b6..000000000000 --- a/.github/workflows/coverage-check.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Coverage check -on: - pull_request: - types: [labeled, unlabeled] - workflow_dispatch: - inputs: - pr: - description: PR - type: number - required: true - -concurrency: - group: coverage-check-${{ github.head_ref || github.ref_name }}-${{ github.event_name == 'pull_request' && github.event.pull_request.number || inputs.pr }}-${{ github.event.pull_request.label.id || '' }} - cancel-in-progress: true - -permissions: - checks: read - pull-requests: write - statuses: write - -jobs: - code-coverage-label: - name: "Update code coverage check" - runs-on: ubuntu-latest - if: > - ( github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name ) && - ( github.event_name == 'workflow_dispatch' || github.event.label.name == 'I don''t care about code coverage for this PR' || github.event.label.name == 'Covered by non-unit tests' || github.event.label.name == 'Coverage tests to be added later' ) - timeout-minutes: 5 # 2025-02-06: Should be pretty quick. - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Post message - env: - PR_ID: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || inputs.pr }} - PR_HEAD: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} - POST_MESSAGE_TOKEN: ${{ steps.get_token.outputs.token }} - run: .github/files/coverage-munger/post-message.sh diff --git a/.github/workflows/delete-mirror-branches.yml b/.github/workflows/delete-mirror-branches.yml deleted file mode 100644 index 3d2030a8883e..000000000000 --- a/.github/workflows/delete-mirror-branches.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Delete mirror branches -on: - delete: - -jobs: - delete: - name: Delete `${{ github.event.ref }}` - runs-on: ubuntu-latest - timeout-minutes: 5 # 2022-11-21: Shouldn't take long. - if: github.event_name == 'delete' && github.repository == 'Automattic/jetpack' && github.event.ref == 'prerelease' - steps: - - uses: actions/checkout@v4 - with: - ref: trunk - - name: Delete branches - env: - TOKEN: ${{ secrets.API_TOKEN_GITHUB }} - REF: heads/${{ github.event.ref }} - run: | - for repo in $(jq -r '.extra["mirror-repo"] // empty' projects/*/*/composer.json | sort -u); do - echo "::group::Deleting $REF on $repo" - RES="$(curl -v -L -X DELETE --header "Authorization: Bearer $TOKEN" "https://api.github.com/repos/$repo/git/refs/$REF")" - echo '::endgroup::' - echo "$RES" - done diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml deleted file mode 100644 index 69a3ab037b1c..000000000000 --- a/.github/workflows/e2e-tests.yml +++ /dev/null @@ -1,409 +0,0 @@ -name: E2E Tests - -on: - pull_request: - paths-ignore: - - '**.md' - repository_dispatch: - types: [ 'e2e tests**' ] - -concurrency: - group: e2e-tests-${{ github.event_name }}-${{ github.ref }}-${{ github.event.action }} - cancel-in-progress: true - -env: - FORCE_COLOR: 1 - -jobs: - create-test-matrix: - name: "Determine tests matrix" - runs-on: ubuntu-latest - timeout-minutes: 5 # 2023-09-15: The pnpm install may take a few minutes on cache miss. - # Only run tests in the main repository - if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name - outputs: - matrix: ${{ steps.evaluate.outputs.matrix }} - build-matrix: ${{ steps.evaluate.outputs.build-matrix }} - steps: - - uses: actions/checkout@v4 - - # For pull requests, list-changed-projects.sh needs the merge base. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - - - name: Setup tools - uses: ./.github/actions/tool-setup - - # Required for list-changed-projects.sh - - name: Install monorepo - run: | - pnpm install - - - name: Create test plan - id: evaluate - env: - DISPATCH_REPO: ${{ github.event.client_payload.repository }} - REF_NAME: ${{ github.event.client_payload.ref_name }} - REF_TYPE: ${{ github.event.client_payload.ref_type }} - run: | - MATRIX="$(node .github/files/e2e-tests/e2e-matrix.js)" - echo "matrix: $MATRIX" - echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT" - if [[ "$GITHUB_EVENT_NAME" == repository_dispatch ]]; then - echo "No build needed for $GITHUB_EVENT_NAME" - BUILD_MATRIX="[]" - else - BUILD_MATRIX=$(jq -c '[ .[] | select( .suite | startswith( "atomic" ) | not ) | { buildGroup: .buildGroup, path: .path } ] | unique' <<<"$MATRIX") - echo "build matrix: $BUILD_MATRIX" - BAD=$( jq -r '[ group_by( .buildGroup )[] | select( length > 1 ) | .[0].buildGroup ] | unique | join( "," )' <<<"$BUILD_MATRIX" ) - if [[ -n "$BAD" ]]; then - echo "::error::One or more build groups have multiple paths: $BAD" - exit 1 - fi - fi - echo "build-matrix=$BUILD_MATRIX" >> "$GITHUB_OUTPUT" - - build-projects: - name: "E2E: Build ${{ matrix.buildGroup }}" - runs-on: ubuntu-latest - needs: create-test-matrix - timeout-minutes: 30 - if: needs.create-test-matrix.outputs.build-matrix != '[]' - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.create-test-matrix.outputs.build-matrix ) }} - steps: - - name: Ensure ${{ matrix.buildGroup }} build cache - id: jetpack-build-cache - uses: actions/cache/restore@v4 - with: - lookup-only: true - path: | - . - !./.github/ - key: ${{ matrix.buildGroup }}-${{ github.sha }} - - - name: Checkout code - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - uses: actions/checkout@v4 - - - name: Setup tools - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - uses: ./.github/actions/tool-setup - - - name: Install monorepo - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - run: pnpm install - - - name: Build projects - id: build-step - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - env: - COMPOSER_ROOT_VERSION: "dev-trunk" - BUILD_DIR: ./build-output - PROJECT_PATH: ${{ matrix.path }} - run: | - find . -path ./.github -prune -o -type f -print | sort > /tmp/before.txt - echo "::group::Build plugin(s)" - cd "$PROJECT_PATH" - pnpm run build - cd "$GITHUB_WORKSPACE" - echo "::endgroup::" - - # We only want to save the files that were actually created or changed. - # But we can't just list them for actions/cache/save, "Argument list too long". - # So instead we delete all the unchanged files so we can tell actions/cache/save - # to save everything that's left. - git -c core.quotepath=off diff --name-only | sort > /tmp/changed.txt - if [[ -s /tmp/changed.txt ]]; then - grep -F -x -v -f /tmp/changed.txt /tmp/before.txt > /tmp/remove.txt - else - cp /tmp/before.txt /tmp/remove.txt - fi - xargs -d '\n' rm < /tmp/remove.txt - find . -type d -empty -delete - - - name: Save ${{ matrix.buildGroup }} build cache - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - id: jetpack-build-cache-save - uses: actions/cache/save@v4 - with: - path: | - . - !./.github/ - key: ${{ steps.jetpack-build-cache.outputs.cache-primary-key }} - - e2e-tests: - name: "${{ matrix.project }} e2e tests" - runs-on: ubuntu-latest - needs: [ create-test-matrix, build-projects ] - # The "always() && ! cancelled() && ! failure()" bit is needed to still run if the build was skipped. - if: > - always() && ! cancelled() && ! failure() && - needs.create-test-matrix.result == 'success' && needs.create-test-matrix.outputs.matrix != '[]' - timeout-minutes: 60 - env: - WP_DEBUG_PATH: '${{ github.workspace }}/tools/docker/wordpress/wp-content/debug.log' - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.create-test-matrix.outputs.matrix ) }} - steps: - - uses: actions/checkout@v4 - - - name: Restore ${{ matrix.buildGroup }} build cache - id: jetpack-build-cache - if: needs.build-projects.result == 'success' && ! startsWith( matrix.suite, 'atomic' ) - uses: actions/cache/restore@v4 - with: - path: | - . - !./.github/ - key: ${{ matrix.buildGroup }}-${{ github.sha }} - fail-on-cache-miss: true - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Install monorepo - run: | - pnpm install - - - name: Checkout jetpack-production - if: github.event_name == 'repository_dispatch' && github.event.client_payload.repository != 'Automattic/jetpack-production' - uses: actions/checkout@v4 - with: - repository: Automattic/jetpack-production - path: build-output/build/Automattic/jetpack-production - - - name: Checkout mirror repo - if: github.event_name == 'repository_dispatch' - uses: actions/checkout@v4 - with: - repository: ${{ github.event.client_payload.repository }} - ref: ${{ github.event.client_payload.ref_name }} - path: build-output/build/${{ github.event.client_payload.repository }} - - - name: Prepare build - env: - COMPOSER_ROOT_VERSION: "dev-trunk" - BUILD_DIR: ./build-output - PROJECT_PATH: ${{ matrix.path }} - SUITE: ${{ matrix.suite }} - BUILD_JOB_RESULT: ${{ needs.build-projects.result }} - run: | - # Only execute these steps if the event name is 'repository_dispatch' - if [[ "$GITHUB_EVENT_NAME" == repository_dispatch ]]; then - if [[ "$BUILD_JOB_RESULT" != 'skipped' ]]; then - echo "::error::Build job ran but result is not being used!" - exit 1 - fi - - echo "::group::Update volume mapping" - .github/files/e2e-tests/map-plugins-for-e2e-env.sh - echo "::endgroup::" - elif [[ "$SUITE" != atomic* ]]; then - echo "Using artifact from build-projects job" - fi - - - name: Test environment set-up - working-directory: ${{ matrix.path }} - env: - CONFIG_KEY: ${{ secrets.E2E_CONFIG_KEY }} - SUITE: ${{ matrix.suite }} - PROJECT_NAME: ${{ matrix.project }} - HOST_CWD: ${{ github.workspace }} - run: | - echo "::group::Decrypt config" - pnpm run config:decrypt - echo "::endgroup::" - - # Ensure that wp debug.log exists and the web process can write to it - mkdir -p "$(dirname "$WP_DEBUG_PATH")" - touch "$WP_DEBUG_PATH" - chmod 0666 "$WP_DEBUG_PATH" - - if [[ "${SUITE}" != atomic* && "${SUITE}" != vip ]]; then - echo "::group::Start docker environment" - pnpm run env:up - echo "::endgroup::" - - echo "::group::Create tunnel" - nohup pnpm run tunnel:up "$HOME/tunnel.log" - echo "::endgroup::" - fi - - if [ "${SUITE}" == gutenberg ]; then - echo "::group::Setting up Gutenberg" - pnpm e2e-env gb-setup - echo "::endgroup::" - fi - - - name: Wait for atomic site to be ready - if: ${{ startsWith(matrix.suite, 'atomic') }} - working-directory: ${{ matrix.path }} - env: - DISPATCH_REF_NAME: ${{ github.event.client_payload.ref_name }} - DISPATCH_REF_TYPE: ${{ github.event.client_payload.ref_type }} - run: | - SITE="atomic" - - if [[ "${DISPATCH_REF_NAME}" != trunk ]]; then - SITE="atomicRc" - fi - - echo "TEST_SITE=${SITE}" >> $GITHUB_ENV - - # Wait for the site to pick up latest tag version (DISPATCH_REF_NAME) - TEST_SITE="${SITE}" node "$GITHUB_WORKSPACE/tools/e2e-commons/bin/update-beta-version.js" $DISPATCH_REF_TYPE $DISPATCH_REF_NAME - - - name: Set up VIP site - if: ${{ matrix.suite == 'vip' }} - working-directory: ${{ matrix.path }} - run: | - echo "TEST_SITE=vip" >> $GITHUB_ENV - - - name: Run ${{ matrix.project }} tests - working-directory: ${{ matrix.path }} - env: - JSON_ARGS: ${{ toJSON(matrix.testArgs) }} - run: | - mapfile -t TEST_ARGS < <(jq -r '.[]' <<<"$JSON_ARGS") - pnpm run test:run "${TEST_ARGS[@]}" - - - name: Write report metadata - if: ${{ always() }} - env: - SUITE: ${{ matrix.suite }} - PR_NUMBER: ${{ github.event.pull_request.number }} - OUTPUT_PATH: ${{ matrix.path }} - run: .github/files/e2e-tests/report-metadata.sh - - - name: Test environment tear-down - if: ${{ always() }} - working-directory: ${{ matrix.path }} - continue-on-error: true - run: | - # Copy debug.log to output folder, if it exists - [[ ! -f "$WP_DEBUG_PATH" ]] || cp "$WP_DEBUG_PATH" "output/logs/php_errors.log" - - pnpm run tunnel:down - echo "::group::Tunnel logs" - cat "$HOME/tunnel.log" - echo "::endgroup::" - - # Update permissions to workaround https://github.com/actions/cache/issues/753 - sudo chown -R runner:docker "$GITHUB_WORKSPACE/tools/docker" - - - name: Upload test artifacts - if: ${{ always() }} - continue-on-error: true - uses: actions/upload-artifact@v4 - with: - name: test-output-${{ matrix.project }} - path: ${{ matrix.path }}/output - include-hidden-files: true - - test-report: - name: "Test report" - runs-on: ubuntu-latest - if: ${{ always() && needs.e2e-tests.result != 'cancelled' }} - needs: [e2e-tests] - - steps: - - name: Set report context - id: report-context - env: - DISPATCH_REF_NAME: ${{ github.event.client_payload.ref_name }} - DISPATCH_REPO: ${{ github.event.client_payload.repository }} - PR_TITLE: ${{ github.event.pull_request.title }} - PR_NUMBER: ${{ github.event.pull_request.number }} - run: | - REPOSITORY=$GITHUB_REPOSITORY - - if [ "$GITHUB_EVENT_NAME" == pull_request ]; then - BRANCH=$GITHUB_HEAD_REF - elif [ "$GITHUB_EVENT_NAME" == repository_dispatch ]; then - BRANCH=$DISPATCH_REF_NAME - REPOSITORY=$DISPATCH_REPO - else - BRANCH=${GITHUB_REF:11} - fi - - echo "EVENT_TYPE=e2e run $GITHUB_RUN_ID at $GITHUB_EVENT_NAME on $GITHUB_REPOSITORY" >> "$GITHUB_OUTPUT" - echo "CLIENT_PAYLOAD=$( jq -nrc --arg repository "$REPOSITORY" --arg branch "$BRANCH" --arg pr_title "$PR_TITLE" --arg pr_number "$PR_NUMBER" --arg run_id "$GITHUB_RUN_ID" '{ repository: $repository, branch: $branch, pr_title: $pr_title, pr_number: $pr_number, run_id: $run_id }' )" >> "$GITHUB_OUTPUT" - - - name: Trigger test report workflow - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.E2E_TEST_REPORTS_TOKEN }} - repository: automattic/jetpack-e2e-reports - event-type: ${{ steps.report-context.outputs.event_type }} - client-payload: ${{ steps.report-context.outputs.client_payload }} - - - name: Display link to test report in Action Summary - uses: actions/github-script@v7 - with: - script: | - await core.summary - .addHeading( 'E2E Test Report' ) - .addLink( - `E2E Test Report`, - `https://automattic.github.io/jetpack-e2e-reports/${ context.issue.number }/report/` - ) - .addBreak() - .addRaw('Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.', true) - .write() - - slack-notification: - name: "Slack notification" - runs-on: ubuntu-latest - if: ${{ always() && needs.e2e-tests.result != 'cancelled' }} - needs: [e2e-tests] - - steps: - - uses: actions/checkout@v4 - - - name: Set up tools - uses: ./.github/actions/tool-setup - - - name: Build action - env: - COMPOSER_ROOT_VERSION: dev-trunk - run: | - pnpm install - composer install - composer build-development - working-directory: ./projects/github-actions/test-results-to-slack - - - name: Download test artifacts - uses: actions/download-artifact@v4 - with: - path: test-output - - - name: Decrypt config - env: - CONFIG_KEY: ${{ secrets.E2E_CONFIG_KEY }} - run: ./.github/files/e2e-tests/encryption.sh decrypt - - - name: Tag release candidate runs - if: github.event_name == 'repository_dispatch' && github.event.client_payload.ref_type == 'tag' - env: - VERSION: ${{ github.event.client_payload.ref_name }} - run: echo "NOTIFICATION_SUITE=rc-${VERSION}" >> $GITHUB_ENV - - - name: "Send notification" - uses: ./projects/github-actions/test-results-to-slack - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - slack_token: ${{ secrets.SLACK_TOKEN }} - slack_channel: ${{ secrets.SLACK_E2E_CHANNEL }} - slack_icon_emoji: ":jetpack:" - suite_name: ${{ env.NOTIFICATION_SUITE }} - playwright_report_path: test-output/**/summary.json - playwright_output_dir: test-output/**/results - rules_configuration_path: .github/files/e2e-tests/notification-rules.json - - diff --git a/.github/workflows/gardening.yml b/.github/workflows/gardening.yml deleted file mode 100644 index a32fee68ea63..000000000000 --- a/.github/workflows/gardening.yml +++ /dev/null @@ -1,70 +0,0 @@ -name: Gardening -on: - pull_request_target: # When a PR is opened, edited, updated, closed, or a label is added. - types: [opened, reopened, synchronize, edited, labeled, closed ] - issues: # For auto-triage of issues. - types: [opened, reopened, labeled, edited, closed] - issue_comment: # To gather support references in issue comments. - types: [created] - push: - branches: - - trunk # Every time a PR is merged to trunk. -concurrency: - # For pull_request_target, cancel any concurrent jobs with the same type (e.g. "opened", "labeled") and branch. - # Don't cancel any for other events, accomplished by grouping on the unique run_id. - group: gardening-${{ github.event_name }}-${{ github.event.action }}-${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.ref || github.run_id }} - cancel-in-progress: true - -jobs: - repo-gardening: - name: "Manage labels and assignees" - runs-on: ubuntu-latest - if: github.event_name == 'pull_request_target' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name - timeout-minutes: 10 # 2021-03-12: Successful runs seem to take a few seconds, but can sometimes take a lot longer since we wait for previous runs to complete. - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Building Action - env: - COMPOSER_ROOT_VERSION: dev-trunk - run: | - pnpm install - composer install - composer build-development - working-directory: ./projects/github-actions/repo-gardening - - - name: Check out the PR - if: github.event_name == 'pull_request_target' && github.event.pull_request.state != 'closed' - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.ref }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - # DO NOT run any code in this checkout. Not even an `npm install`. - path: ./pr-checkout - - - name: Wait for prior instances of the workflow to finish - uses: ./.github/actions/turnstile - with: - # Split issues and issue_comment triggers from the rest. Otherwise a lot of issue work can result in pushes to trunk timing out. - events: ${{ ( github.event_name == 'issues' || github.event_name == 'issue_comment' ) && 'issues issue_comment' || '' }} - ignore-events: ${{ ( github.event_name != 'issues' && github.event_name != 'issue_comment' ) && 'issues issue_comment' || '' }} - - - name: "Run the action (assign, manage milestones, for issues and PRs)" - uses: ./projects/github-actions/repo-gardening - env: - PR_WORKSPACE: ${{ github.workspace }}${{ github.event_name == 'pull_request_target' && '/pr-checkout' || '' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - slack_token: ${{ secrets.SLACK_TOKEN }} - slack_team_channel: ${{ secrets.SLACK_TEAM_CHANNEL }} - slack_design_channel: ${{ secrets.SLACK_DESIGN_CHANNEL }} - slack_editorial_channel: ${{ secrets.SLACK_EDITORIAL_CHANNEL }} - slack_he_triage_channel: ${{ secrets.SLACK_HE_TRIAGE_CHANNEL }} - slack_quality_channel: ${{ secrets.SLACK_QUALITY_CHANNEL }} - triage_projects_token: ${{ secrets.PROJECT_AUTOMATION_TOKEN }} - project_board_url: ${{ secrets.PROJECT_BOARD_URL }} - openai_api_key: ${{ secrets.OPENAI_API_KEY }} diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 0af57af8d7a2..de6e629ce97f 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -58,6 +58,9 @@ jobs: # Whether any excluded files were modified or deleted. excludelist: ${{ steps.filterExcludeList.outputs.excluded_files != '[]' || steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_php == 'true' || steps.filter.outputs.misc_js == 'true' || steps.filter.outputs.misc_excludelist == 'true' }} + # Whether any auto-updated Phan stub files were changed. + phanstubs: ${{ steps.filter.outputs.phanstubs == 'true' }} + steps: - uses: actions/checkout@v4 @@ -147,6 +150,9 @@ jobs: misc: # If the workflow itself changed, everything should re-run. - '.github/workflows/linting.yml' + phanstubs: + # If auto-generated Phan stub files are changed, we may want to post a warning to the PR. + - '.phan/stubs/**' - id: filterPHP shell: bash @@ -522,3 +528,34 @@ jobs: - run: pnpm install - run: .github/files/lint-project-structure.sh + + ### Warn on manual updates to Phan auto-generated stubs + phan_stubs: + name: Phan stubs + runs-on: ubuntu-latest + needs: changed_files + if: needs.changed_files.outputs.phanstubs == 'true' && github.event.pull_request.user.login != 'matticbot' + timeout-minutes: 5 # 2025-07-28: Probably takes about a minute. + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/deepen-to-merge-base + id: deepen + - name: Warn about stubs + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PR_NUMBER: ${{ github.event.pull_request.number }} + BASE: ${{ steps.deepen.outputs.merge-base }} + HEAD: ${{ github.event.pull_request.head.sha }} + run: | + COMMENTS='[]' + while IFS= read -r FILE; do + # TODO: If they add a way to do file-level comments in this API, switch to that. + COMMENTS=$( jq --arg file "$FILE" '. += [ { path: $file, body: "This file is automatically generated and should not be edited directly. See the comment at the top of the file for details.\n\nIf you have any questions, ping `@jetpack-monorepo`.", position: 1 } ]' <<<"$COMMENTS" ) + done < <( git -c core.quotepath=off diff --name-only "$BASE"...HEAD -- .phan/stubs/ ':!.phan/stubs/photon-opencv-stubs.php' ':!.phan/stubs/wordpress-constants.php' ':!.phan/stubs/wordpress-globals.jsonc' ) + if [[ "$COMMENTS" != "[]" ]]; then + REQ=$( jq -n --arg commit_id "$HEAD" --argjson comments "$COMMENTS" '{ commit_id: $commit_id, body: "", event: "COMMENT", comments: $comments }' ) + echo "POST /repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" + echo "REQUEST=$REQ" + gh api "/repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" -X POST --input - <<<"$REQ" + exit 1 + fi diff --git a/.github/workflows/phpcompatibility-dev.yml b/.github/workflows/phpcompatibility-dev.yml deleted file mode 100644 index 811b4124a82d..000000000000 --- a/.github/workflows/phpcompatibility-dev.yml +++ /dev/null @@ -1,83 +0,0 @@ -# This Github Action is temporary, to run the development version of PHPCompatibility to test for PHP 8 issues. -# -# Once we're getting that by default (likely due to an upgrade of automattic/jetpack-codesniffer to pull a version of phpcompatibility/phpcompatibility-wp that pulls phpcompatibility/php-compatibility 10.0+), -# this action and .github/files/phpcompatibility-dev-phpcs.xml should be deleted. - -name: PHP Compatibility - -on: pull_request -concurrency: - group: phpcompatibility-dev-${{ github.event_name }}-${{ github.ref }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - -jobs: - changed_files: - name: detect changed files - runs-on: ubuntu-latest - timeout-minutes: 1 # 2021-01-18: Successful runs seem to take a few seconds. - outputs: - php: ${{ steps.filter.outputs.php }} - misc: ${{ steps.filter.outputs.misc }} - - steps: - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - php: - # If any PHP file changed, they need checking. - - '**.php' - misc: - # If composer or phpcs config changed, there may be a new standard. - - 'composer.json' - - 'composer.lock' - - '.phpcs.config.xml' - - '.phpcs.xml.dist' - - '.phpcsignore' - - '**/.phpcs.dir.xml' - - '**/.phpcsignore' - # If other files used by this workflow changed, run it to test those changes. - - '.github/files/phpcompatibility-dev-phpcs.xml' - - '.github/matchers/phpcs-problem-matcher.json' - - '.github/workflows/phpcompatibility-dev.yml' - - phpcompatibility: - name: dev branch for PHP 8.0 - runs-on: ubuntu-latest - needs: changed_files - if: needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc == 'true' - timeout-minutes: 5 # 2021-01-18: Successful runs seem to take ~1 minute. - - steps: - - uses: actions/checkout@v4 - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - - name: Install dependencies - run: composer install - - - name: Upgrade PHPCompatibility - run: | - if [[ -e vendor/phpcompatibility/php-compatibility/PHPCompatibility/Sniffs/ControlStructures/NewNonCapturingCatchSniff.php ]]; then - echo "::error file=.github/workflows/phpcompatibility-dev.yml,line=4,col=1::It looks like PHPCompatibility is already at version 10.0, making this Github Action obsolete. Please remove it." - exit 1 - fi - composer remove --dev --no-update automattic/jetpack-codesniffer - composer require --dev --no-update phpcompatibility/php-compatibility='dev-develop as 9.9999.9999' - composer require --dev --no-update phpcompatibility/phpcompatibility-wp=dev-master - # Update any other packages needing update now too. - composer update - # Even though we uninstalled our codesniffer package, we need the compat rulesets to be found. - vendor/bin/phpcs --config-set installed_paths "$(vendor/bin/phpcs --config-show | sed -n 's/^installed_paths: //p'),../../../projects/packages/codesniffer" - - - name: Run phpcs for PHPCompatibility - run: | - echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" - vendor/bin/phpcs -p -s --report=emacs --standard=.github/files/phpcompatibility-dev-phpcs.xml - echo "::remove-matcher owner=phpcs" diff --git a/.github/workflows/post-build.yml b/.github/workflows/post-build.yml deleted file mode 100644 index 1ff2217d133a..000000000000 --- a/.github/workflows/post-build.yml +++ /dev/null @@ -1,483 +0,0 @@ -name: Post-Build -run-name: Post-Build on ${{ github.event.workflow_run.head_branch }} -on: - workflow_run: - types: [ 'completed' ] - workflows: - - Build -concurrency: - # Cancel concurrent jobs on pull_request but not push, by including the run_id in the concurrency group for the latter. - group: post-build-${{ github.event.workflow_run.event == 'push' && github.run_id || 'pr' }}-${{ github.event.workflow_run.head_branch }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - SUMMARY: Post-Build run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for Build run [#${{ github.event.workflow_run.id }}](${{ github.event.workflow_run.html_url }}) - -permissions: - actions: read - contents: read - pull-requests: read - -# Note the job logic here is a bit unusual. That's because this workflow is triggered by `workflow_run`, and so is not shown on the PR by default. -# Instead we have to manually report back, including where we could normally just skip or let a failure be handled. -# - If the "Build" job failed, we need to set our status as failed too (build_failed). -# - If the find_artifact job fails for some reason, we need a step to explicitly report that back. -# - If no plugins are found, we need to explicitly report back a "skipped" status. -# - And the upgrade_test job both explicitly sets "in progress" at its start and updates at its end. -# -# If you're wanting to add a new check, you'd want to do the following: -# - Add a step in the `setup` workflow to create your check, and a corresponding output for later steps to have the ID. -# - Add a step in the `build_failed` workflow to set your run to cancelled. -# - Add a job to run whatever tests you need to run, with steps similar to the `upgrade_test` workflow's "Get token", "Notify check in progress", and "Notify final status". -# - Add a step in the `no_plugins` workflow to set your run to skipped if your job only runs when there are plugins built. - -jobs: - setup: - name: Setup - runs-on: ubuntu-latest - timeout-minutes: 2 # 2022-12-20: Seems like it should be fast. - outputs: - upgrade_check: ${{ steps.upgrade_check.outputs.id }} - wpcom_filename_check: ${{ steps.wpcom_filename_check.outputs.id }} - steps: - - name: Log info - run: | - echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY - - - uses: actions/checkout@v4 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: 'Create "Test plugin upgrades" check' - id: upgrade_check - uses: ./.github/actions/check-run - with: - name: Test plugin upgrades - sha: ${{ github.event.workflow_run.head_sha }} - status: queued - title: Test queued... - summary: | - ${{ env.SUMMARY }} - token: ${{ steps.get_token.outputs.token }} - - - name: 'Create "Test wpcom filename restrictions" check' - id: wpcom_filename_check - uses: ./.github/actions/check-run - with: - name: Test wpcom filename restrictions - sha: ${{ github.event.workflow_run.head_sha }} - status: queued - title: Test queued... - summary: | - ${{ env.SUMMARY }} - token: ${{ steps.get_token.outputs.token }} - - build_failed: - name: Handle build failure - runs-on: ubuntu-latest - needs: setup - if: github.event.workflow_run.conclusion != 'success' - timeout-minutes: 2 # 2022-08-26: Seems like it should be fast. - steps: - - uses: actions/checkout@v4 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: 'Mark "Test plugin upgrades" cancelled' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: cancelled - title: Build failed - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the build did not succeed. - token: ${{ steps.get_token.outputs.token }} - - - name: 'Mark "Test wpcom filename restrictions" cancelled' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: cancelled - title: Build failed - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the build did not succeed. - token: ${{ steps.get_token.outputs.token }} - - find_artifact: - name: Find artifact - runs-on: ubuntu-latest - needs: setup - if: github.event.workflow_run.conclusion == 'success' - timeout-minutes: 2 # 2022-08-26: Seems like it should be fast. - outputs: - zip_url: ${{ steps.run.outputs.zip_url }} - any_plugins: ${{ steps.run.outputs.any_plugins }} - steps: - - uses: actions/checkout@v4 - - - name: Find artifact - id: run - env: - TOKEN: ${{ github.token }} - URL: ${{ github.event.workflow_run.artifacts_url }} - run: | - for (( i=1; i<=5; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Fetch list of artifacts (attempt $i/5)" - JSON="$(curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$URL" - )" - echo "$JSON" - echo "::endgroup::" - ZIPURL="$(jq -r '.artifacts | map( select( .name == "jetpack-build" ) ) | sort_by( .created_at ) | last | .archive_download_url // empty' <<<"$JSON")" - PLUGINS="$(jq -r '.artifacts[] | select( .name == "plugins.tsv" )' <<<"$JSON")" - if [[ -n "$ZIPURL" ]]; then - break - fi - done - [[ -z "$ZIPURL" ]] && { echo "::error::Failed to find artifact."; exit 1; } - echo "Zip URL: $ZIPURL" - echo "zip_url=${ZIPURL}" >> "$GITHUB_OUTPUT" - if [[ -z "$PLUGINS" ]]; then - echo "Any plugins? No" - echo "any_plugins=false" >> "$GITHUB_OUTPUT" - else - echo "Any plugins? Yes" - echo "any_plugins=true" >> "$GITHUB_OUTPUT" - fi - - - name: Get token - id: get_token - if: ${{ ! success() }} - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - name: 'Mark "Test plugin upgrades" failed' - if: ${{ ! success() }} - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: failure - title: Failed to find build artifact - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the "Find artifact" step failed. - token: ${{ steps.get_token.outputs.token }} - - name: 'Mark "Test wpcom filename restrictions" failed' - if: ${{ ! success() }} - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: failure - title: Failed to find build artifact - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the "Find artifact" step failed. - token: ${{ steps.get_token.outputs.token }} - - no_plugins: - name: Handle no-plugins - runs-on: ubuntu-latest - needs: [ setup, find_artifact ] - if: needs.find_artifact.outputs.any_plugins == 'false' - timeout-minutes: 2 # 2022-08-26: Seems like it should be fast. - steps: - - uses: actions/checkout@v4 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: 'Mark "Test plugin upgrades" skipped' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: skipped - title: No plugins were built - summary: | - ${{ env.SUMMARY }} - - Post-build run skipped because no plugins were built. - token: ${{ steps.get_token.outputs.token }} - - - name: 'Mark "Test wpcom filename restrictions" skipped' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: skipped - title: No plugins were built - summary: | - ${{ env.SUMMARY }} - - Post-build run skipped because no plugins were built. - token: ${{ steps.get_token.outputs.token }} - - prepare_upgrade_test: - name: Prepare plugin upgrades matrix - runs-on: ubuntu-latest - needs: [ setup, find_artifact ] - if: needs.find_artifact.outputs.any_plugins == 'true' - outputs: - matrix: ${{ steps.matrix.outputs.matrix }} - timeout-minutes: 5 # 2025-03-13: Should be just a few seconds. - - steps: - - uses: actions/checkout@v4 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - env: - # Work around a weird node 16/openssl 3 issue in the docker env - OPENSSL_CONF: '/dev/null' - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Notify check in progress - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - status: in_progress - title: Test started... - summary: | - ${{ env.SUMMARY }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} - - - name: Download build artifact - env: - TOKEN: ${{ github.token }} - ZIPURL: ${{ needs.find_artifact.outputs.zip_url }} - shell: bash - run: | - for (( i=1; i<=2; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Downloading artifact (attempt $i/2)" - curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$ZIPURL" \ - --output "artifact.zip" - echo "::endgroup::" - if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then - break - fi - done - [[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; } - unzip artifact.zip - tar --xz -xvvf build.tar.xz build/plugins.tsv - - - name: Prepare matrix - id: matrix - run: | - RET=$( jq -c -s --raw-input 'split( "\n" )[0:-1] | map( split( "\t" ) | { src: .[0], mirror: .[1], slug: .[2] } )' build/plugins.tsv ) - jq '.' <<<"$RET" - echo "matrix=$RET" >> "$GITHUB_OUTPUT" - - upgrade_test: - name: Test upgrades for ${{ matrix.slug }} - runs-on: ubuntu-latest - needs: [ setup, find_artifact, prepare_upgrade_test ] - if: needs.find_artifact.outputs.any_plugins == 'true' - timeout-minutes: 15 # 2022-08-26: Successful runs seem to take about 6 minutes, but give some extra time for the downloads. - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.prepare_upgrade_test.outputs.matrix ) }} - env: - PLUGIN_SRC: ${{ matrix.src }} - PLUGIN_MIRROR: ${{ matrix.mirror }} - PLUGIN_SLUG: ${{ matrix.slug }} - services: - db: - image: mariadb:lts - env: - MARIADB_ROOT_PASSWORD: wordpress - ports: - - 3306:3306 - options: --health-cmd="healthcheck.sh --su-mysql --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=5 - container: - image: ghcr.io/automattic/jetpack-wordpress-dev:latest - env: - WP_DOMAIN: localhost - WP_ADMIN_USER: wordpress - WP_ADMIN_EMAIL: wordpress@example.com - WP_ADMIN_PASSWORD: wordpress - WP_TITLE: Hello World - MYSQL_HOST: db:3306 - MYSQL_DATABASE: wordpress - MYSQL_USER: root - MYSQL_PASSWORD: wordpress - HOST_PORT: 80 - ports: - - 80:80 - - steps: - - uses: actions/checkout@v4 - with: - path: trunk - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.workflow_run.head_commit.id }} - path: commit - - - name: Download build artifact - env: - TOKEN: ${{ github.token }} - ZIPURL: ${{ needs.find_artifact.outputs.zip_url }} - shell: bash - run: | - for (( i=1; i<=2; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Downloading artifact (attempt $i/2)" - curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$ZIPURL" \ - --output "artifact.zip" - echo "::endgroup::" - if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then - break - fi - done - [[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; } - unzip artifact.zip - tar --xz -xvvf build.tar.xz build - - - name: Setup WordPress - run: trunk/.github/files/test-plugin-update/setup.sh - - - name: Prepare plugin zips - run: trunk/.github/files/test-plugin-update/prepare-zips.sh - - - name: Test upgrades - run: trunk/.github/files/test-plugin-update/test.sh - - post_upgrade_test: - name: Finalize plugin test - runs-on: ubuntu-latest - needs: [ setup, find_artifact, upgrade_test ] - if: always() && needs.find_artifact.outputs.any_plugins == 'true' - timeout-minutes: 5 # 2025-03-13: Should be just a few seconds. - - steps: - - uses: actions/checkout@v4 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - env: - # Work around a weird node 16/openssl 3 issue in the docker env - OPENSSL_CONF: '/dev/null' - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Notify final status - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: ${{ needs.upgrade_test.result }} - title: ${{ needs.upgrade_test.result == 'success' && 'Tests passed' || needs.upgrade_test.result == 'cancelled' && 'Cancelled' || 'Tests failed' }} - summary: | - ${{ env.SUMMARY }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} - - wpcom_filename_test: - name: Test wpcom filename restrictions - runs-on: ubuntu-latest - needs: [ setup, find_artifact ] - if: needs.find_artifact.outputs.any_plugins == 'true' - timeout-minutes: 15 # 2025-03-03: Guess. Leave time for the downloads. - steps: - - uses: actions/checkout@v4 - with: - path: trunk - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.workflow_run.head_commit.id }} - path: commit - - - name: Get token - id: get_token - uses: ./trunk/.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Notify check in progress - uses: ./trunk/.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - status: in_progress - title: Test started... - summary: | - ${{ env.SUMMARY }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} - - - name: Download build artifact - env: - TOKEN: ${{ github.token }} - ZIPURL: ${{ needs.find_artifact.outputs.zip_url }} - shell: bash - run: | - for (( i=1; i<=2; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Downloading artifact (attempt $i/2)" - curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$ZIPURL" \ - --output "artifact.zip" - echo "::endgroup::" - if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then - break - fi - done - [[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; } - unzip artifact.zip - tar --xz -xvvf build.tar.xz build - - - name: Test filename restrictions - id: tests - run: trunk/.github/files/test-wpcom-filename-restrictions.sh - - - name: Notify final status - if: always() - uses: ./trunk/.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: ${{ job.status }} - title: ${{ job.status == 'success' && 'Tests passed' || job.status == 'cancelled' && 'Cancelled' || 'Tests failed' }} - summary: | - ${{ env.SUMMARY }} - - ${{ steps.tests.outputs.info }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} diff --git a/.github/workflows/pr-is-up-to-date.yml b/.github/workflows/pr-is-up-to-date.yml deleted file mode 100644 index b6dcd5342b9a..000000000000 --- a/.github/workflows/pr-is-up-to-date.yml +++ /dev/null @@ -1,87 +0,0 @@ -name: PR is up-to-date -on: - pull_request_target: - branches: [ trunk ] - push: - branches: [ trunk ] - tags: - - pr-update-to - - pr-update-to-projects/** - -jobs: - check: - name: Check - runs-on: ubuntu-latest - timeout-minutes: 5 # 2021-03-23: The run on push to the tag might take a minute or two. - steps: - - # We basically have two workflows in one here, one for pushes to trunk and one for PRs and pushes to tags. - # The reason we don't separate them into two is because GitHub's UI would then always be showing a skipped job - # in the PR check list, which is kind of annoying. - - # First, the "PR or tag" job. - - - name: Checkout trunk for tag push or PR - uses: actions/checkout@v4 - if: github.event_name != 'push' || github.ref != 'refs/heads/trunk' - with: - ref: trunk - token: ${{ secrets.API_TOKEN_GITHUB }} - - # On a PR, we need to fetch (but not check out) the actual PR too. - - name: Deepen to merge base - if: github.event_name != 'push' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Determine tags for PR or tag and paths for tag push - id: determine - if: github.event_name != 'push' || github.ref != 'refs/heads/trunk' - env: - REF: ${{ github.event.pull_request.head.sha }} - run: | - TAGS=() - TAG= - PATHS= - if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then - TAG="${GITHUB_REF#refs/tags/}" - if [[ "$TAG" == pr-update-to-* ]]; then - PATHS="${TAG#pr-update-to-}" - fi - else - TMP="$(git -c core.quotepath=off diff --name-only "origin/trunk...${REF}" projects/*/*/ | sed -nE 's!^(projects/[^/]+/[^/]+)/.*!pr-update-to-\1!p' | sort -u)" - mapfile -t TAGS <<<"$TMP" - TAGS+=( pr-update-to ) - fi - echo "pr-tags=${TAGS[*]}" >> "$GITHUB_OUTPUT" - echo "push-tag=$TAG" >> "$GITHUB_OUTPUT" - echo "push-paths=$PATHS" >> "$GITHUB_OUTPUT" - - - name: Check PR or tag push - if: github.event_name != 'push' || github.ref != 'refs/heads/trunk' - uses: ./projects/github-actions/pr-is-up-to-date - with: - tags: ${{ steps.determine.outputs.pr-tags }} - tag: ${{ steps.determine.outputs.push-tag }} - paths: ${{ steps.determine.outputs.push-paths }} - token: ${{ secrets.API_TOKEN_GITHUB }} - status: PR is up to date - - # Second, the "push to trunk" job. - - - name: Checkout push to trunk - uses: actions/checkout@v4 - if: github.event_name == 'push' && github.ref == 'refs/heads/trunk' - with: - # The "Check whether the tag needs updating for trunk commit" needs the previous commit for diffing. - fetch-depth: 2 - token: ${{ secrets.API_TOKEN_GITHUB }} - - - name: Wait for prior instances of the workflow to finish - if: github.event_name == 'push' && github.ref == 'refs/heads/trunk' - uses: ./.github/actions/turnstile - - - name: Check whether the tag needs updating for trunk commit - if: github.event_name == 'push' && github.ref == 'refs/heads/trunk' - run: .github/files/pr-update-to.sh diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 8e34a6bd4300..9434fec3ccc7 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -18,8 +18,6 @@ on: - full - lookup - extract - schedule: - - cron: '0 0/2 * * *' concurrency: group: renovate-${{ github.ref }} diff --git a/.github/workflows/slack-branch-existence-notification.yml b/.github/workflows/slack-branch-existence-notification.yml deleted file mode 100644 index 9fb43ddab348..000000000000 --- a/.github/workflows/slack-branch-existence-notification.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: Slack branch existence notification -on: - create: - delete: - -jobs: - notify: - name: Notify - runs-on: ubuntu-latest - timeout-minutes: 5 # 2022-11-22: Shouldn't take long. - if: github.event.ref == 'prerelease' - - steps: - - uses: actions/checkout@v4 - with: - ref: trunk - - name: Generate message - id: message - env: - SLACK_RELEASES_CHANNEL: ${{ secrets.SLACK_RELEASES_CHANNEL }} - run: | - source .github/files/gh-funcs.sh - - if [[ "$GITHUB_EVENT_NAME" == 'create' ]]; then - gh_set_output message "$( - jq -nc --arg C "$SLACK_RELEASES_CHANNEL" --slurpfile event "$GITHUB_EVENT_PATH" '$event[0] as $e | { - channel: $C, - icon_emoji: ":lock:", - text: "Incoming release! Prerelease branch was created by \( $e.sender.login ).", - blocks: [ - { - type: "section", - text: { - type: "mrkdwn", - text: ":holdontoyourbutts: Incoming release! Prerelease branch was created by \( $e.sender.login ).", - }, - } - ], - }' - )" - elif [[ "$GITHUB_EVENT_NAME" == 'delete' ]]; then - gh_set_output message "$( - jq -nc --arg C "$SLACK_RELEASES_CHANNEL" --slurpfile event "$GITHUB_EVENT_PATH" '$event[0] as $e | { - channel: $C, - icon_emoji: ":unlock:", - text: "Prerelease branch was deleted by \( $e.sender.login ).", - blocks: [ - { - type: "section", - text: { - type: "mrkdwn", - text: "Prerelease branch was deleted by \( $e.sender.login ).", - }, - } - ], - }' - )" - else - echo "::error::Unknown event \"$GITHUB_EVENT_NAME\"" - exit 1 - fi - - - name: Send message to releases channel - uses: slackapi/slack-github-action@v2.1.0 - with: - token: ${{ secrets.SLACK_TOKEN }} - method: chat.postMessage - payload: ${{ steps.message.outputs.message }} diff --git a/.github/workflows/slack-workflow-failed.yml b/.github/workflows/slack-workflow-failed.yml deleted file mode 100644 index be1e41217d6a..000000000000 --- a/.github/workflows/slack-workflow-failed.yml +++ /dev/null @@ -1,167 +0,0 @@ -name: CI Results -run-name: ${{ github.event.workflow.name }} on ${{ github.event.workflow_run.head_branch }} -on: - workflow_run: - types: [ 'completed' ] - workflows: - - Build - - Build Docker - - Tests - - Gardening - - Monorepo Auto-tagger - - Post-Build - - PR is up-to-date - - Update Jetpack Staging Test Sites - - Update Phan stubs - - k6 Tests for Jetpack Staging Test Sites - branches: [ 'trunk', 'prerelease', '*/branch-*' ] - -jobs: - notify: - name: Notify failure - runs-on: ubuntu-latest - if: ${{ github.repository == 'Automattic/jetpack' && github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event != 'issues' && github.event.workflow_run.event != 'issue_comment' }} - - steps: - - uses: actions/checkout@v4 - - name: Generate message - id: message - env: - SLACK_JP_ALERTS_CHANNEL: ${{ secrets.SLACK_JP_ALERTS_CHANNEL }} - SLACK_RELEASES_CHANNEL: ${{ secrets.SLACK_RELEASES_CHANNEL }} - run: | - source .github/files/gh-funcs.sh - - # If this is triggered off of another "workflow_run" workflow, it'll always see the head_branch as "trunk". - # In that case, we assume it's setting display_title to be like "NAME on BRANCH" and extract the branch from there. - if jq -e '.workflow_run.event == "workflow_run"' "$GITHUB_EVENT_PATH" &>/dev/null; then - TITLE=$(jq -r '.workflow_run.display_title' "$GITHUB_EVENT_PATH") - BRANCH=${TITLE##* on } - echo "branch=$BRANCH" >> "$GITHUB_OUTPUT" - DATA=$( jq -nc --slurpfile event "$GITHUB_EVENT_PATH" --arg branch "$BRANCH" '$event[0] as $e | $e.workflow_run as $run | - { - workflow_name: $e.workflow.name, - branch: $branch, - run_id: $run.id, - run_url: $run.html_url, - duration: ( ( $run.updated_at | fromdateiso8601 ) - ( $run.run_started_at | fromdateiso8601 ) | strftime( "%H:%M:%S" ) ), - } - ' ) - else - BRANCH=$(jq -r '.workflow_run.head_branch' "$GITHUB_EVENT_PATH") - echo "branch=$BRANCH" >> "$GITHUB_OUTPUT" - DATA=$( jq -nc --slurpfile event "$GITHUB_EVENT_PATH" '$event[0] as $e | $e.workflow_run as $run | - ( $run.head_commit.message | sub( "\n.*"; ""; "m" ) | match( " \\(#([0-9]+)\\)$" ).captures[0].string // null ) as $pr | - { - workflow_name: $e.workflow.name, - branch: $run.head_branch, - run_id: $run.id, - run_url: $run.html_url, - duration: ( ( $run.updated_at | fromdateiso8601 ) - ( $run.run_started_at | fromdateiso8601 ) | strftime( "%H:%M:%S" ) ), - commit: "\( $run.head_commit.id[0:8] ) \( $run.head_commit.message | sub( "\n.*"; ""; "m" ) )", - author: ( $run.head_commit.author.name ), - commit_url: "\( $run.head_repository.html_url )/commit/\( $run.head_commit.id )", - pr: $pr, - pr_url: ( if $pr then "\( $run.head_repository.html_url )/pull/\( $pr )" else null end ) - } - ' ) - fi - - jq -r '[ - "### \( .workflow_name ) failed on \( .branch )", - "", - if .commit then "Commit: \( .commit )" else empty end, - if .author then "Author: \( .author )" else empty end, - "Duration: \( .duration )", - "", - ( - [ - "[Run #\( .run_id )](\( .run_url ))", - if .commit_url then "[Commit](\( .commit_url ))" else empty end, - if .pr then "[PR #\( .pr )](\( .pr_url ))" else empty end - ] | join( " | " ) - ) - ] | join( "\n" )' <<<"$DATA" >> $GITHUB_STEP_SUMMARY - - MSG=$( jq -c ' - { - icon_emoji: ":github-rejected:", - text: "*\( .workflow_name ) failed on \( .branch )*\n<\( .run_url )|Run #\( .run_id )>", - blocks: [ - { - type: "section", - text: { - type: "mrkdwn", - text: "*\( .workflow_name ) failed on \( .branch )*" - } - }, - { - type: "context", - elements: [ - if .commit then { - type: "plain_text", - text: "Commit: \( .commit )", - emoji: false - } else empty end, - if .author then { - type: "plain_text", - text: "Author: \( .author )", - emoji: false - } else empty end, - { - type: "plain_text", - text: "Duration: \( .duration )" - } - ] - }, - { - type: "actions", - elements: [ - { - type: "button", - text: { - type: "plain_text", - text: "Run #\( .run_id )" - }, - url: .run_url - }, - if .commit_url then { - type: "button", - text: { - type: "plain_text", - text: "Commit" - }, - url: .commit_url - } else empty end, - if .pr then { - type: "button", - text: { - type: "plain_text", - text: "PR #\( .pr )" - }, - url: .pr_url, - } else empty end - ] - } - ] - } - ' <<<"$DATA" ) - - gh_set_output message_alerts "$( jq -c --arg C "$SLACK_JP_ALERTS_CHANNEL" '.channel |= $C' <<<"$MSG" )" - gh_set_output message_releases "$( jq -c --arg C "$SLACK_RELEASES_CHANNEL" '.channel |= $C' <<<"$MSG" )" - - - name: Send message to alerts channel - uses: slackapi/slack-github-action@v2.1.0 - if: steps.message.outputs.branch == 'trunk' - with: - token: ${{ secrets.SLACK_TOKEN }} - method: chat.postMessage - payload: ${{ steps.message.outputs.message_alerts }} - - - name: Send message to releases channel - uses: slackapi/slack-github-action@v2.1.0 - if: contains( steps.message.outputs.branch, '/branch-' ) || steps.message.outputs.branch == 'prerelease' - with: - token: ${{ secrets.SLACK_TOKEN }} - method: chat.postMessage - payload: ${{ steps.message.outputs.message_releases }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 211a1c235507..000000000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: 'Mark stale pull requests' -on: - schedule: - # Run every 6 hours at xx:30. - - cron: '30 */6 * * *' - workflow_dispatch: - -jobs: - stale: - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - uses: actions/stale@v9 - with: - # Get PRs in ascending (oldest first) order. - ascending: true - operations-per-run: 50 - # PRs: Mark as stale after 2 months, close after 1 month more - days-before-pr-stale: 60 - days-before-pr-close: 31 - delete-branch: true - # Label to use when marking a PR as stale - stale-pr-label: '[Status] Stale' - # PRs with these labels will never be considered stale. - exempt-pr-labels: '[Pri] High,[Pri] BLOCKER,FixTheFlows,[Status] Keep Open' - # Message to be added to stale PRs. - stale-pr-message: | -

This PR has been marked as stale. This happened because:

- - - -

If this PR is still useful, please do a [trunk merge or rebase](https://github.com/Automattic/jetpack/blob/trunk/docs/git-workflow.md#keeping-your-branch-up-to-date) - and otherwise make sure it's up to date and has clear testing instructions. - You may also want to ping possible reviewers in case they've forgotten about it. - Please close this PR if you think it's not valid anymore — if you - do, please add a brief explanation.

- -

If the PR is not updated (or at least commented on) in another month, it will be automatically closed.

- close-pr-message: | -

This PR has been automatically closed as it has not been updated in some time. - If you want to resume work on the PR, feel free to restore the branch and reopen the PR.

- # Ignore issues, only operating on pull requests. - days-before-issue-stale: -1 - days-before-issue-close: -1 \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml deleted file mode 100644 index 535ae5e685ce..000000000000 --- a/.github/workflows/tests.yml +++ /dev/null @@ -1,543 +0,0 @@ -name: Tests - -on: - pull_request: - push: - branches: [ 'trunk', '*/branch-*' ] - -concurrency: - # Trunk runs need to not be cancelled for concurrency, mainly for code coverage. Everything else can be. - group: tests-${{ github.event_name }}-${{ github.ref }}-${{ github.event_name == 'push' && github.ref == 'refs/heads/trunk' && github.run_id || '' }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - -jobs: - create-matrix: - name: "Determine tests matrix" - runs-on: ubuntu-latest - timeout-minutes: 1 # 2021-02-03: Should only take a second. - outputs: - matrix: ${{ steps.create-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@v4 - - id: create-matrix - run: | - MATRIX="$(.github/files/generate-ci-matrix.php)" - echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT" - - run-tests: - name: ${{ matrix.name }} - runs-on: ${{ matrix.runner }} - needs: create-matrix - services: - database: - image: mariadb:10.4 - env: - MARIADB_ROOT_PASSWORD: root - ports: - - 3306:3306 - options: --health-cmd="healthcheck.sh --su-mysql --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=5 - continue-on-error: ${{ matrix.experimental }} - timeout-minutes: ${{ matrix.timeout }} - env: - TEST_SCRIPT: ${{ matrix.script }} - WP_BRANCH: ${{ matrix.wp }} - PHP_VERSION: ${{ matrix.php }} - NODE_VERSION: ${{ matrix.node }} - MONOREPO_BASE: ${{ github.workspace }} - WITH_WOOCOMMERCE: ${{ matrix.with-woocommerce }} - WITH_WPCOMSH: ${{ matrix.with-wpcomsh }} - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.create-matrix.outputs.matrix ) }} - - # Note matrix-job outputs are kind of weird. Last-to-run job that sets a non-empty value wins. - outputs: - did-coverage: ${{ ( steps.run-tests.conclusion != 'cancelled' && steps.process-coverage.conclusion == 'success' && steps.upload-artifacts.conclusion == 'success' ) && 'true' || '' }} - coverage-status: ${{ matrix.script == 'test-coverage' && steps.run-tests.conclusion || '' }} - - steps: - - uses: actions/checkout@v4 - with: - # Test coverage checks require a fetch depth > 1. - fetch-depth: 2 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - php: ${{ matrix.php }} - coverage: ${{ matrix.script == 'test-coverage' && 'pcov' || 'none' }} - node: ${{ matrix.node }} - - - name: Monorepo install - run: | - echo "::group::Pnpm" - pnpm install - echo "::endgroup::" - - - name: Detect changed projects - id: changed - run: | - CHANGED="$(EXTRA=test .github/files/list-changed-projects.sh)" - - # Only test certain plugins in combination with WC - if [[ "$WITH_WOOCOMMERCE" == true ]]; then - echo "Testing with WooCommerce, filtering for projects that have WooCommerce-specific tests." - CHANGED=$( jq -c 'with_entries( select( .key == "plugins/jetpack" ) )' <<<"$CHANGED" ) - fi - - ANY_PLUGINS="$(jq --argjson changed "$CHANGED" -n '$changed | with_entries( select( .key | startswith( "plugins/" ) ) ) | any')" - echo "projects=${CHANGED}" >> "$GITHUB_OUTPUT" - echo "any-plugins=${ANY_PLUGINS}" >> "$GITHUB_OUTPUT" - - - name: Select WordPress version - if: matrix.wp != 'none' - run: .github/files/select-wordpress-tag.sh - - - name: Composer Install - env: - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - # If we're going to be making WorDBless use WP "nightlies", remove the relevant package from Composer's cache to get the latest version. - if [[ "$WP_BRANCH" == 'trunk' && ( "$TEST_SCRIPT" == "test-php" || "$TEST_SCRIPT" == "test-coverage" ) ]]; then - echo "::group::Clear composer cache for roots/wordpress" - DIR=$(composer config cache-files-dir) - rm -rf "$DIR/roots/wordpress" "$DIR/roots/wordpress-no-content" - echo "::endgroup::" - fi - - echo "::group::Composer" - composer install --working-dir=tools/php-test-env - - if [[ ( "$TEST_SCRIPT" == "test-php" || "$TEST_SCRIPT" == "test-coverage" ) && ( "$WP_BRANCH" == 'trunk' || "$WP_BRANCH" == 'previous' ) ]]; then - VER=$(composer --format=json --working-dir="tools/php-test-env" show | jq -r '.installed[] | select( .name == "roots/wordpress" ) | .version') - if [[ -n "$VER" ]]; then - INSVER=$WORDPRESS_TAG - [[ "$WORDPRESS_TAG" == 'trunk' ]] && INSVER="dev-main as $VER" - echo "Supposed to run tests against WordPress $WORDPRESS_TAG, so setting roots/wordpress and roots/wordpress-no-content to \"$INSVER\"" - # Composer seems to sometimes have issues with deleting the wordpress dir on its own, so do it manually first. - rm -rf "tools/php-test-env/wordpress" - composer --working-dir="tools/php-test-env" require --dev "roots/wordpress:$INSVER" "roots/wordpress-no-content:$INSVER" - fi - fi - echo "::endgroup::" - - echo "Checking for non-mirrored require-dev packages, in case this is testing a release branch" - for SLUG in $( jq -r 'keys[]' <<<"$CHANGED" ); do - PKGS=() - readarray -t PKGS < <( jq -r '.extra["non-mirrored-require-dev"] // empty | .[] | . += "=@dev"' "projects/$SLUG/composer.json" ) - if [[ ${#PKGS[@]} -gt 0 ]]; then - echo "::group::Adding packages for $SLUG: ${PKGS[*]}" - # Make sure monorepo repositories entry is present. - JSON=$( jq --tab '.repositories //= [] | if any( .repositories[]; .type == "path" and ( .url | startswith( "../" ) ) and .options?.monorepo? ) then . else .repositories += [ { type: "path", url: "../../packages/*", options: { monorepo: true } } ] end' "projects/$SLUG/composer.json" ) - echo "$JSON" > "projects/$SLUG/composer.json" - # Use --no-install and --ignore-platform-reqs here. Code below (either in .github/files/setup-wordpress-env.sh or the "Run project tests" step) will do a `composer install` or `composer update` as necessary. - composer require --working-dir="projects/$SLUG/" --dev --no-install --ignore-platform-reqs "${PKGS[@]}" - echo "::endgroup::" - fi - done - - - name: Setup WordPress environment for plugin tests - env: - API_TOKEN_GITHUB: ${{ secrets.GITHUB_TOKEN }} - CHANGED: ${{ steps.changed.outputs.projects }} - if: steps.changed.outputs.any-plugins == 'true' && matrix.wp != 'none' - run: .github/files/setup-wordpress-env.sh - - - name: Run project tests - id: run-tests - env: - FORCE_PACKAGE_TESTS: ${{ matrix.force-package-tests && 'true' || 'false' }} - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - EXIT=0 - declare -A PIDS - PIDS=() - MAXPIDS=$( nproc ) - FAILED=() - mkdir artifacts - [[ "$TEST_SCRIPT" == "test-coverage" ]] && mkdir coverage - for P in composer.json projects/*/*/composer.json; do - if [[ ${#PIDS[@]} -ge $MAXPIDS ]]; then - if ! wait -fn -p PID "${!PIDS[@]}"; then - echo "::error::Tests for ${PIDS[$PID]} failed!" - FAILED+=( "${PIDS[$PID]}" ) - EXIT=1 - fi - echo "Finished ${PIDS[$PID]}" - unset PIDS[$PID] - fi - - if [[ "$P" == "composer.json" ]]; then - DIR="." - SLUG="monorepo" - else - DIR="${P%/composer.json}" - SLUG="${DIR#projects/}" - fi - - if [[ "${SLUG%%/*}" != "plugins" && "$WP_BRANCH" != 'latest' && "$WP_BRANCH" != 'none' && "$FORCE_PACKAGE_TESTS" != "true" ]]; then - echo "Skipping $SLUG, only plugins run for WP_BRANCH = $WP_BRANCH" - continue - fi - - if ! jq --argjson changed "$CHANGED" --arg p "$SLUG" -ne '$changed[$p] // false' > /dev/null; then - echo "Skipping $SLUG, no changes in it or its dependencies" - elif ! jq --arg script "$TEST_SCRIPT" -e '.scripts[$script] // false' "$P" > /dev/null; then - echo "Skipping $SLUG, no test script is defined in composer.json" - elif php -r 'exit( preg_match( "/^>=\\s*(\\d+\\.\\d+)$/", $argv[1], $m ) && version_compare( PHP_VERSION, $m[1], "<" ) ? 0 : 1 );' "$( jq -r '.require.php // ""' "$P" )"; then - echo "Skipping $SLUG, requires PHP $( jq -r '.require.php // ""' "$P" ) but PHP version is $( php -r 'echo PHP_VERSION;' )" - else - if jq --arg script "skip-$TEST_SCRIPT" -e '.scripts[$script] // false' "$P" > /dev/null; then - { composer --working-dir="$DIR" run "skip-$TEST_SCRIPT"; CODE=$?; } || true - if [[ $CODE -eq 3 ]]; then - echo "Skipping tests for $SLUG due to skip-$TEST_SCRIPT script" - continue - elif [[ $CODE -ne 0 ]]; then - echo "::error::Script skip-$TEST_SCRIPT failed to run $CODE!" - FAILED+=( "$SLUG" ) - EXIT=1 - continue - fi - fi - - echo "Running tests for $SLUG" - { - # Composer install, if appropriate. Note setup-wordpress-env.sh did it already for plugins. - if [[ "${SLUG%%/*}" != "plugins" && ( "$TEST_SCRIPT" == "test-php" || "$TEST_SCRIPT" == "test-coverage" ) ]]; then - if [[ "$TEST_SCRIPT" == "test-coverage" ]] && - ! jq -e '.scripts["test-php"]' "$DIR/composer.json" &>/dev/null - then - echo "Skipping composer install, assuming test-coverage is only JS because the project has no test-php." - else - if [[ ! -f "$DIR/composer.lock" ]]; then - echo 'No composer.lock, running `composer update`' - composer --working-dir="$DIR" update - elif composer --working-dir="$DIR" check-platform-reqs --lock; then - echo 'Platform reqs pass, running `composer install`' - composer --working-dir="$DIR" install - if [[ "$TEST_SCRIPT" == "test-php" ]] && composer info --locked phpunit/phpunit &>/dev/null; then - echo 'Updating PHPUnit in case a newer version than locked is usable' - composer --working-dir="$DIR" update -W phpunit/phpunit - fi - else - echo 'Platform reqs failed, running `composer update`' - composer --working-dir="$DIR" update - fi - fi - fi - - if [[ "${SLUG%%/*}" == "plugins" ]]; then - export WP_TESTS_CONFIG_FILE_PATH="$WORDPRESS_DEVELOP_DIR/wp-tests-config.${SLUG##*/}.php" - fi - - mkdir -p "artifacts/$SLUG" - export ARTIFACTS_DIR="$GITHUB_WORKSPACE/artifacts/$SLUG" - if [[ "$TEST_SCRIPT" == "test-coverage" ]]; then - mkdir -p "coverage/$SLUG" - export COVERAGE_DIR="$GITHUB_WORKSPACE/coverage/$SLUG" - fi - FAIL=false - if ! composer run --timeout=0 --working-dir="$DIR" "$TEST_SCRIPT"; then - FAIL=true - fi - - # Actions seems to slow down if there are a lot of files, so clean up Composer stuff after each test. - # We don't do it for JS stuff, as that might break things with how JS does package deps. - rm -rf "$DIR/vendor" "$DIR/jetpack_vendor" "$DIR/wordpress" - - if $FAIL; then - echo "Tests for $SLUG failed!" - exit 1 - fi - } 2> >( sed -u 's!^!['"$SLUG"'] !' >&2 ) > >( sed -u 's!^!['"$SLUG"'] !' ) & - PIDS[$!]=$SLUG - fi - done - while [[ ${#PIDS[@]} -gt 0 ]]; do - if ! wait -fn -p PID "${!PIDS[@]}"; then - echo "::error::Tests for ${PIDS[$PID]} failed!" - FAILED+=( "${PIDS[$PID]}" ) - EXIT=1 - fi - echo "Finished ${PIDS[$PID]}" - unset PIDS[$PID] - done - - if [[ ${#FAILED[@]} -gt 0 ]]; then - echo '' - echo 'The following tests failed:' - printf " - %s\n" "${FAILED[@]}" - fi - - exit $EXIT - - - name: Process coverage results - id: process-coverage - env: - CHANGED: ${{ steps.changed.outputs.projects }} - if: matrix.script == 'test-coverage' && always() - run: .github/files/coverage-munger/process-coverage.sh - - - name: Check for artifacts - id: check-artifacts - # Default for `if` is `success()`, we want this to run always. - if: always() - run: | - [[ -d artifacts ]] && find artifacts -type d -empty -delete - if [[ -d artifacts ]]; then - echo "any=true" >> "$GITHUB_OUTPUT" - else - echo "any=false" >> "$GITHUB_OUTPUT" - fi - - name: Upload artifacts - id: upload-artifacts - if: always() && steps.check-artifacts.outputs.any == 'true' - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.artifact }} - path: artifacts - include-hidden-files: true - retention-days: 7 - - publish-coverage-data: - name: Publish coverage data - runs-on: ubuntu-latest - timeout-minutes: 10 # 2025-01-10 Wild guess - needs: run-tests - if: always() && needs.run-tests.outputs.did-coverage == 'true' && github.repository == 'Automattic/jetpack' && ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name || github.event_name == 'push' && github.ref == 'refs/heads/trunk' ) - steps: - - uses: actions/checkout@v4 - - - name: Get token - id: get_token - if: github.event_name == 'pull_request' - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Download coverage artifact - uses: actions/download-artifact@v4 - with: - name: 'Code coverage' - path: coverage - - - name: Upload coverage results - env: - PR_ID: ${{ github.event_name != 'pull_request' && 'trunk' || github.event.pull_request.number }} - SECRET: ${{ secrets.CODECOV_SECRET }} - STATUS: ${{ needs.run-tests.outputs.coverage-status }} - PR_HEAD: ${{ github.event.pull_request.head.sha }} - POST_MESSAGE_TOKEN: ${{ steps.get_token.outputs.token }} - run: .github/files/coverage-munger/upload-coverage.sh - - storybook-test: - name: Storybook tests - runs-on: ubuntu-latest - timeout-minutes: 20 # 2024-02-23 Wild guess - steps: - - uses: actions/checkout@v4 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Monorepo install - run: | - echo "::group::Pnpm" - pnpm install - echo "::endgroup::" - - - name: Detect changed projects - id: changed - run: | - CHANGED=$( .github/files/list-changed-projects.sh ) - PROJECTS=$( node -e 'const r = { "js-packages/storybook": true }; for ( const p of require( "./projects/js-packages/storybook/storybook/projects.js" ) ) { const m = p.match( /\/projects\/([^/]+\/[^/]+)(?:$|\/)/ ); m && ( r[ m[1] ] = true ); } console.log( JSON.stringify( r ) );' ) - - ANY=$( jq --argjson changed "$CHANGED" --argjson projects "$PROJECTS" -n '$changed | with_entries( select( $projects[ .key ] ) ) | any' ) - echo "any=${ANY}" >> "$GITHUB_OUTPUT" - - - name: Build storybook - if: steps.changed.outputs.any == 'true' - run: | - pnpm jetpack build -v js-packages/storybook - - - name: Install playwright - if: steps.changed.outputs.any == 'true' - run: | - cd projects/js-packages/storybook - pnpm exec playwright install --with-deps chromium - - - name: Test storybook - if: steps.changed.outputs.any == 'true' - env: - # Chromium bug, see https://github.com/microsoft/playwright/issues/34046 - LANG: en_US - LC_ALL: en_US - run: | - cd projects/js-packages/storybook - node bin/webserver.mjs - REFERENCE_URL=https://automattic.github.io/jetpack-storybook/ pnpm exec test-storybook -c storybook --url 'http://127.0.0.1:6006/index.html' - - # Probably this should be a linting test, but we don't run linting on trunk or release branches. - plugin-deps: - name: Check plugin monorepo dep versions - runs-on: ubuntu-latest - timeout-minutes: 2 # 2022-09-08: Should only take a few seconds. - steps: - - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - name: Run check - run: | - if [[ "$GITHUB_EVENT_NAME" == 'push' ]]; then - REF="${GITHUB_REF#refs/heads/}" - elif [[ "$GITHUB_EVENT_NAME" == 'pull_request' || "$GITHUB_EVENT_NAME" == 'pull_request_target' ]]; then - REF="$GITHUB_BASE_REF" - else - echo "::error::Unsupported github event \"$GITHUB_EVENT_NAME\"" - exit 1 - fi - echo "Detected target ref \"$REF\"" - - if [[ "$REF" == trunk ]]; then - ARGS=( --dev ) - elif [[ "$REF" == */branch-* ]]; then - ARGS=( --release ) - TMP="$(jq -r --arg P "${REF%%/branch-*}" '.extra["release-branch-prefix"] | if type == "array" then . else [ . ] end | if index( $P ) then input_filename | match( "^projects/plugins/([^/]+)/composer.json$" ).captures[0].string else empty end' projects/plugins/*/composer.json)" - while IFS= read -r LINE; do - ARGS+=( "$LINE" ) - done <<<"$TMP" - else - echo "Unsupported ref \"$REF\", ignoring" - exit 0 - fi - - echo "Running tools/check-plugin-monorepo-deps.sh ${ARGS[@]}" - tools/check-plugin-monorepo-deps.sh "${ARGS[@]}" - - typecheck: - name: Type checking - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/tool-setup - - name: Pnpm install - run: pnpm install - - name: Run type checking - # Can't just `pnpm typecheck` here, GitHub won't match the output files correctly - # and unfortunately https://github.com/microsoft/TypeScript/issues/36221 is still open. - run: | - EXIT=0 - set -o pipefail - for DIR in $( jq -r 'if .scripts.typecheck then input_filename | sub( "/package.json"; "" ) else empty end' projects/*/*/package.json ); do - echo "::group::$DIR" - if ! ( cd "$DIR" && pnpm run typecheck ) | sed -uE 's#^.+\([0-9,]+\): error #'"$DIR"'/&#'; then - EXIT=1 - fi - echo "::endgroup::" - done - exit $EXIT - - # Probably this should be a linting test too, but we don't run linting on trunk or release branches. - phan: - name: Static analysis - runs-on: ubuntu-latest - timeout-minutes: 20 # 2024-05-02: Up to about 8 minutes now that we're running against the old WP stubs too. - steps: - - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/tool-setup - - name: Pnpm install - run: pnpm install - - name: Add back removed packages in case of a release branch. - run: | - echo "Checking for non-mirrored require-dev packages, in case this is testing a release branch" - for FILE in projects/*/*/composer.json; do - PKGS=() - readarray -t PKGS < <( jq -r '.extra["non-mirrored-require-dev"] // empty | .[] | . += "=@dev"' "$FILE" ) - if [[ ${#PKGS[@]} -gt 0 ]]; then - echo "::group::Adding packages for $FILE: ${PKGS[*]}" - # Make sure monorepo repositories entry is present. - JSON=$( jq --tab '.repositories //= [] | if any( .repositories[]; .type == "path" and ( .url | startswith( "../" ) ) and .options?.monorepo? ) then . else .repositories += [ { type: "path", url: "../../packages/*", options: { monorepo: true } } ] end' "$FILE" ) - echo "$JSON" > "$FILE" - composer require --working-dir="${FILE%/composer.json}" --dev "${PKGS[@]}" - echo "::endgroup::" - fi - done - - name: Run phan - run: pnpm jetpack phan --all -v --update-baseline --format github - - name: Run phan for previous WP version too - env: - # Don't bother complaining about unused suppressions that may be used with the newer stubs. See .phan/config.base.php for how this gets applied. - NO_PHAN_UNUSED_SUPPRESSION: 1 - run: | - composer update --prefer-lowest php-stubs/wordpress-stubs php-stubs/wordpress-tests-stubs - # Don't re-update baselines here, only check. - pnpm jetpack phan --all -v --format github - - name: Check baselines - run: | - # Anything changed? (with a side of printing the diff) - if git diff --exit-code --ignore-matching-lines='^ // ' -- .phan/baseline.php '*/.phan/baseline.php'; then - exit 0 - fi - - # Collect which projects changed to suggest the right command. - PROJECTS=() - for f in $( git -c core.quotepath=off diff --name-only -- .phan/baseline.php '*/.phan/baseline.php' ); do - # --name-only and --ignore-matching-lines don't combine, so we have to do the check separately. - if git diff --quiet --exit-code --ignore-matching-lines='^ // ' -- "$f"; then - continue - fi - - if [[ "$f" == ".phan/baseline.php" ]]; then - SLUG=monorepo - elif [[ "$f" == projects/*/*/.phan/baseline.php ]]; then - SLUG=${f%/.phan/baseline.php} - SLUG=${SLUG#projects/} - elif SLUG=$( grep -v '^[ \t]*\/\/' .phan/monorepo-pseudo-projects.jsonc | jq -re --arg f "${f%.phan/baseline.php}" 'to_entries[] | select( .value == $f ) | .key' ); then - : # Ok - else - SLUG= - fi - if grep -q 'This baseline has no suppressions' "$f"; then - if [[ -n "$SLUG" ]]; then - echo "::error file=$f::This Phan baseline is now empty (good job!). You may remove it, or if you want to keep it (e.g. if you expect new unfixed issues to be added in the future) you can run \`jetpack phan --update-baseline $SLUG\` to update it." - else - echo "::error file=$f::This Phan baseline is now empty (good job!). You may remove it." - fi - elif [[ -n "$SLUG" ]]; then - PROJECTS+=( "$SLUG" ) - else - echo "::error file=$f::This Phan baseline has changed and should be updated. This Action was unable to determine the command needed to update it; please report this to the Monorepo team." - fi - done - if [[ ${#PROJECTS[@]} -gt 0 ]]; then - echo "::error::Phan baselines have changed (good job!). Run \`jetpack phan --update-baseline ${PROJECTS[*]}\` to update them." - fi - exit 1 diff --git a/.github/workflows/update-jetpack-staging-sites.yml b/.github/workflows/update-jetpack-staging-sites.yml deleted file mode 100644 index 1c4193d4185d..000000000000 --- a/.github/workflows/update-jetpack-staging-sites.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Update Jetpack Staging Test Sites -# Ran as part of the `UpdateJetpackStaging` TeamCity build. -# After updating the sites, runs k6 tests against the same sites. - -on: - workflow_dispatch: - -jobs: - run_shell_script: - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Env config - env: - SSH_KEY: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KEY }} - SSH_KNOWN_HOSTS: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KNOWN_HOSTS }} - run: | - mkdir -p ~/.ssh/ - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts - echo "$SSH_KEY" > ~/.ssh/id_rsa - chmod 0600 ~/.ssh/id_rsa - - - name: Execute shell script - shell: bash - run: .github/files/jetpack-staging-sites/update-jetpack-staging-sites.sh - - run_k6_tests: - needs: run_shell_script - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Run k6 frontend tests - uses: grafana/k6-action@v0.3.0 - with: - filename: .github/files/jetpack-staging-sites/k6-frontend.js - env: - JETPACKSTAGING_K6_USERNAME: ${{ secrets.JETPACKSTAGING_K6_USERNAME }} - JETPACKSTAGING_K6_PASSWORD: ${{ secrets.JETPACKSTAGING_K6_PASSWORD }} - - - name: Run k6 backend tests - uses: grafana/k6-action@v0.3.0 - with: - filename: .github/files/jetpack-staging-sites/k6-backend.js - env: - JETPACKSTAGING_K6_USERNAME: ${{ secrets.JETPACKSTAGING_K6_USERNAME }} - JETPACKSTAGING_K6_PASSWORD: ${{ secrets.JETPACKSTAGING_K6_PASSWORD }} - - trigger_e2e_tests: - needs: run_shell_script - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Execute shell script - shell: bash - run: .github/files/jetpack-staging-sites/run-atomic-deploy-e2e-tests.sh - env: - SIGNATURE_KEY: ${{ secrets.ATOMIC_DEPLOY_E2E_TESTS_KEY }} - TRIGGER_URL: ${{ secrets.ATOMIC_DEPLOY_E2E_TESTS_URL }} diff --git a/.github/workflows/update-phan-stubs.yml b/.github/workflows/update-phan-stubs.yml deleted file mode 100644 index ff02b14b0620..000000000000 --- a/.github/workflows/update-phan-stubs.yml +++ /dev/null @@ -1,81 +0,0 @@ -name: Update Phan stubs -on: - workflow_dispatch: - schedule: - - cron: '22 0 * * 1,2,3,4,5' -concurrency: - group: update-phan-stubs-${{ github.ref }} - -permissions: - contents: write - pull-requests: write - -env: - GIT_AUTHOR_NAME: matticbot - GIT_AUTHOR_EMAIL: matticbot@users.noreply.github.com - GIT_COMMITTER_NAME: matticbot - GIT_COMMITTER_EMAIL: matticbot@users.noreply.github.com - -jobs: - update-stubs: - name: Update stubs - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - # Use the matticbot token so CI runs on the created PR. - token: ${{ secrets.STUB_UPDATE_TOKEN_GITHUB }} - - - name: Update stubs - env: - # Generic token is fine here. - GH_TOKEN: ${{ github.token }} - run: tools/stubs/update-stubs.sh - - - name: Check for changes - id: changes - run: | - if git diff --exit-code; then - echo "::notice::No changes" - echo "needed=false" >> "$GITHUB_OUTPUT" - elif ! [[ "$(date +%e)" -le 7 && "$(date +%A)" == Thursday ]] && git diff --exit-code --ignore-matching-lines='^ \* Stubs automatically generated from' >/dev/null; then - echo "::notice::No changes (other than version bumps) and it's not the first Thursday" - echo "needed=false" >> "$GITHUB_OUTPUT" - elif git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin update/phan-custom-stubs >/dev/null; then - TMP=$( git -c core.quotepath=off diff --name-only ) - mapfile -t FILES <<<"$TMP" - if git diff --quiet --exit-code origin/update/phan-custom-stubs "${FILES[@]}"; then - echo "::notice::Branch already exists and is up to date with these changes" - echo "needed=false" >> "$GITHUB_OUTPUT" - else - echo "::notice::Branch needs updating" - echo "has-branch=true" >> "$GITHUB_OUTPUT" - echo "needed=true" >> "$GITHUB_OUTPUT" - fi - else - echo "::notice::Branch needs creating" - echo "has-branch=false" >> "$GITHUB_OUTPUT" - echo "needed=true" >> "$GITHUB_OUTPUT" - fi - - - name: Create commit and PR - if: steps.changes.outputs.needed == 'true' && steps.changes.outputs.has-branch == 'false' - env: - GH_TOKEN: ${{ secrets.STUB_UPDATE_TOKEN_GITHUB }} - run: | - git checkout -b update/phan-custom-stubs - git commit -am 'phan: Update custom stubs' - git push origin update/phan-custom-stubs - if ! gh pr create --title 'phan: Update custom stubs' --body 'This is an automatic update generated by a GitHub Action. If closed it will be recreated the next time the action runs.' --label '[Pri] Normal' --label '[Type] Janitorial' --label '[Status] Needs Review' --reviewer Automattic/jetpack-monorepo; then - git push --delete origin update/phan-custom-stubs - exit 1 - fi - - - name: Update existing branch - if: steps.changes.outputs.needed == 'true' && steps.changes.outputs.has-branch == 'true' - run: | - git commit -am 'phan: Update custom stubs' - SHA=$( git rev-parse HEAD ) - git checkout update/phan-custom-stubs - git reset --hard "$SHA" - git push --force-with-lease origin HEAD diff --git a/.github/workflows/wpcloud.yml b/.github/workflows/wpcloud.yml deleted file mode 100644 index 049a4760271a..000000000000 --- a/.github/workflows/wpcloud.yml +++ /dev/null @@ -1,151 +0,0 @@ -name: WP Cloud Unit Testing for WPCOMSH - -on: - pull_request: - push: - branches: ['trunk', '*/branch-*'] -concurrency: - group: wpcloud-wpcomsh - cancel-in-progress: false - # Concurrency is set up to make sure we can only run one WP Cloud testing job at the same time. - -jobs: - build: - name: Install the Monorepo and build wpcomsh - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name - outputs: - wpcomsh: ${{ steps.changed.outputs.wpcomsh }} - steps: - - uses: actions/checkout@v4 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - # Match PHP version on WP Cloud so the right vendor packages get installed. - php: 8.1 - - name: Monorepo install - run: | - echo "::group::Pnpm" - pnpm install - echo "::endgroup::" - - name: Detect if wpcomsh has changed - id: changed - run: | - CHANGED="$(EXTRA=test .github/files/list-changed-projects.sh)" - - WPCOMSH_CHANGED="$(jq --argjson changed "$CHANGED" -n '$changed | has( "plugins/wpcomsh" ) ')" - echo "wpcomsh=${WPCOMSH_CHANGED}" >> "$GITHUB_OUTPUT" - - name: Build wpcomsh - if: steps.changed.outputs.wpcomsh == 'true' - run: | - find . -path ./.github -prune -o -type f -print | sort > /tmp/before.txt - echo "::group::Installing and building wpcomsh" - rm projects/plugins/wpcomsh/composer.lock - pnpm jetpack build -v --deps plugins/wpcomsh - echo "::endgroup::" - - # We only want to save the files that were actually created or changed. - # But we can't just list them for actions/cache/save, "Argument list too long". - # So instead we delete all the unchanged files so we can tell actions/cache/save - # to save everything that's left. - git -c core.quotepath=off diff --name-only | sort > /tmp/changed.txt - if [[ -s /tmp/changed.txt ]]; then - grep -F -x -v -f /tmp/changed.txt /tmp/before.txt > /tmp/remove.txt - else - cp /tmp/before.txt /tmp/remove.txt - fi - xargs -d '\n' rm < /tmp/remove.txt - find . -type d -empty -delete - - - name: Save wpcomsh build cache - if: steps.changed.outputs.wpcomsh == 'true' - id: wpcomsh-build-cache-save - uses: actions/cache/save@v4 - with: - path: | - . - !./.github/ - key: ${{ github.sha }} - deploy: - name: Run PHPUnit on the WP Cloud test site - runs-on: ubuntu-latest - needs: build - if: needs.build.outputs.wpcomsh == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Restore wpcomsh build cache - id: wpcomsh-build-cache - uses: actions/cache/restore@v4 - with: - path: | - . - !./.github/ - key: ${{ github.sha }} - fail-on-cache-miss: true - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Install monorepo - run: | - pnpm install - - - name: Configure Github to be able to SSH to the WP Cloud site - run: | - echo "::group::Intializing" - - mkdir -vp ~/.ssh/ - chmod -v 700 ~/.ssh - - touch ~/.ssh/id_site - touch ~/.ssh/known_hosts - touch ~/.ssh/config - chmod 600 ~/.ssh/id_site - chmod 600 ~/.ssh/known_hosts - chmod 600 ~/.ssh/config - echo "$SSH_KEY" > ~/.ssh/id_site - echo "wrote ~/.ssh/id_site" - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts - echo "wrote ~/.ssh/known_hosts" - echo "Host jpwpcomsh" > ~/.ssh/config - echo " Hostname sftp.wp.com" >> ~/.ssh/config - echo " User wpcom-jetpackisbestpack-default-237778992" >> ~/.ssh/config - echo " IdentityFile ~/.ssh/id_site" >> ~/.ssh/config - echo " IdentitiesOnly yes" >> ~/.ssh/config - - echo "::endgroup::" - - echo "::group::Transferring wpcomsh to the testing server" - ssh jpwpcomsh "wp --skip-plugins --skip-themes dereferenced freshen > /dev/null 2>&1" || CODE=$? - echo "wp dereferenced freshen has exited with code $CODE" - ssh jpwpcomsh "rm -rf /tmp/old-* > /dev/null 2>&1" - pnpm jetpack rsync --non-interactive wpcomsh jpwpcomsh:~/htdocs/wp-content/mu-plugins - scp -r projects/plugins/wpcomsh/bin jpwpcomsh:/srv/htdocs/wp-content/mu-plugins/wpcomsh/ - scp -r projects/plugins/wpcomsh/tests jpwpcomsh:/srv/htdocs/wp-content/mu-plugins/wpcomsh/ - # The test on WP Cloud won't use `phpunit-select-config`, so select config manually. - scp projects/plugins/wpcomsh/phpunit.9.xml.dist jpwpcomsh:/srv/htdocs/wp-content/mu-plugins/wpcomsh/phpunit.xml.dist - - echo "::endgroup::" - - echo "::group::execution" - ssh jpwpcomsh "/srv/htdocs/wp-content/mu-plugins/wpcomsh/bin/run-phpunit-tests.sh" || CODE=$? - echo "::endgroup::" - - echo "::group::teardown" - rm -rvf ~/.ssh/ - echo "::endgroup::" - echo "Exiting with exit code $CODE" - exit $CODE - env: - SSH_KEY: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KEY }} - SSH_KNOWN_HOSTS: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KNOWN_HOSTS }} diff --git a/.phan/stubs/akismet-stubs.php b/.phan/stubs/akismet-stubs.php index d9730ca14b7b..10013b47efa4 100644 --- a/.phan/stubs/akismet-stubs.php +++ b/.phan/stubs/akismet-stubs.php @@ -1,6 +1,6 @@